From 056302a92862fda16351d7192600746746f38e5d Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Mon, 6 Feb 2012 19:04:59 -0500 Subject: Updating translatable strings for string freeze --- po/as.po | 475 ++++++---- po/bn.po | 475 ++++++---- po/ca.po | 475 ++++++---- po/cs.po | 475 ++++++---- po/de.po | 488 ++++++---- po/el.po | 475 ++++++---- po/es.po | 506 ++++++---- po/et.po | 475 ++++++---- po/fa.po | 475 ++++++---- po/fi.po | 475 ++++++---- po/fr.po | 475 ++++++---- po/hu.po | 477 ++++++---- po/id.po | 499 ++++++---- po/it.po | 501 ++++++---- po/ja.po | 475 ++++++---- po/ja_JP.po | 475 ++++++---- po/ko.po | 475 ++++++---- po/lt.po | 475 ++++++---- po/nb.po | 475 ++++++---- po/nl.po | 506 ++++++---- po/nn.po | 475 ++++++---- po/pl.po | 506 ++++++---- po/pt.po | 501 ++++++---- po/pt_BR.po | 475 ++++++---- po/ru.po | 501 ++++++---- po/sk.po | 475 ++++++---- po/sq.po | 475 ++++++---- po/sr.po | 475 ++++++---- po/sssd.pot | 475 ++++++---- po/sv.po | 501 ++++++---- po/ta.po | 475 ++++++---- po/tr.po | 475 ++++++---- po/uk.po | 506 ++++++---- po/vi.po | 475 ++++++---- po/zh_CN.po | 475 ++++++---- po/zh_TW.po | 480 ++++++---- src/man/po/as.po | 1771 +++++++++++++++++++++++++---------- src/man/po/bn.po | 1771 +++++++++++++++++++++++++---------- src/man/po/bs.po | 1771 +++++++++++++++++++++++++---------- src/man/po/ca.po | 1771 +++++++++++++++++++++++++---------- src/man/po/cs.po | 1775 +++++++++++++++++++++++++---------- src/man/po/de.po | 1771 +++++++++++++++++++++++++---------- src/man/po/el.po | 1771 +++++++++++++++++++++++++---------- src/man/po/es.po | 1948 ++++++++++++++++++++++++++++----------- src/man/po/et.po | 1771 +++++++++++++++++++++++++---------- src/man/po/fa.po | 1771 +++++++++++++++++++++++++---------- src/man/po/fi.po | 1771 +++++++++++++++++++++++++---------- src/man/po/fr.po | 2143 +++++++++++++++++++++++++++++++++---------- src/man/po/hu.po | 1771 +++++++++++++++++++++++++---------- src/man/po/id.po | 1771 +++++++++++++++++++++++++---------- src/man/po/it.po | 1771 +++++++++++++++++++++++++---------- src/man/po/ja.po | 1771 +++++++++++++++++++++++++---------- src/man/po/ja_JP.po | 1771 +++++++++++++++++++++++++---------- src/man/po/ko.po | 1771 +++++++++++++++++++++++++---------- src/man/po/lt.po | 1771 +++++++++++++++++++++++++---------- src/man/po/nb.po | 1771 +++++++++++++++++++++++++---------- src/man/po/nl.po | 2002 +++++++++++++++++++++++++++++----------- src/man/po/nn.po | 1771 +++++++++++++++++++++++++---------- src/man/po/pl.po | 1771 +++++++++++++++++++++++++---------- src/man/po/pt.po | 2050 ++++++++++++++++++++++++++++++----------- src/man/po/pt_BR.po | 1771 +++++++++++++++++++++++++---------- src/man/po/ru.po | 1771 +++++++++++++++++++++++++---------- src/man/po/sk.po | 1771 +++++++++++++++++++++++++---------- src/man/po/sq.po | 1771 +++++++++++++++++++++++++---------- src/man/po/sr.po | 1771 +++++++++++++++++++++++++---------- src/man/po/sssd-docs.pot | 1749 +++++++++++++++++++++++++---------- src/man/po/ta.po | 1771 +++++++++++++++++++++++++---------- src/man/po/tr.po | 1771 +++++++++++++++++++++++++---------- src/man/po/uk.po | 2294 ++++++++++++++++++++++++++++++++++------------ src/man/po/ur.po | 1771 +++++++++++++++++++++++++---------- src/man/po/vi.po | 1771 +++++++++++++++++++++++++---------- src/man/po/zh_CN.po | 1771 +++++++++++++++++++++++++---------- src/man/po/zh_TW.po | 1771 +++++++++++++++++++++++++---------- 73 files changed, 60272 insertions(+), 24191 deletions(-) diff --git a/po/as.po b/po/as.po index 990aa64c4..bdaca4bea 100644 --- a/po/as.po +++ b/po/as.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/bn.po b/po/bn.po index 10c550774..82eba9848 100644 --- a/po/bn.po +++ b/po/bn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Bengali \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ca.po b/po/ca.po index 79c3779e7..915775fd2 100644 --- a/po/ca.po +++ b/po/ca.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Catalan \n" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/cs.po b/po/cs.po index c20052b0b..583032579 100644 --- a/po/cs.po +++ b/po/cs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Czech (http://www.transifex.net/projects/p/fedora/team/cs/)\n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/de.po b/po/de.po index 799638f9f..a487094ca 100644 --- a/po/de.po +++ b/po/de.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: German \n" @@ -81,7 +81,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -147,687 +147,835 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Identity Provider" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Identity Provider" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Identity Provider" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Identity Provider" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "IPA-Domain" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "IPA-Serveradresse" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "IPA-Client-Rechnername" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Kerberos-Serveradresse" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Kerberos Realm" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Benutzername-Attribut" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "UID-Attribut" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "GECOS-Attribut" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Shell-Attribut" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "UUID-Attribut" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Vollständiger Name" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Shell-Attribut" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Shell-Attribut" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Shell-Attribut" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Benutzername-Attribut" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/el.po b/po/el.po index 95360f0be..3e84fcf3c 100644 --- a/po/el.po +++ b/po/el.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Greek \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/es.po b/po/es.po index 17091ebbd..dab4c8b3d 100644 --- a/po/es.po +++ b/po/es.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Spanish (Castilian) \n" @@ -90,7 +90,7 @@ msgid "Entry cache background update timeout length (seconds)" msgstr "" "Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Tiempo máximo negativo del cache (segundos)" @@ -167,299 +167,333 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "Cuanto días se debe mostrar un aviso de expiración de contraseña" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +#, fuzzy +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" +"Cuanto segundos se mantendrá la información de identidad almacenada para " +"solicitudes de PAM" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Proveedor de identidad" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Proveedor de Autenticación" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Proveedor de control de acceso" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Proveedor de cambio de contraseña" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Proveedor de identidad" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Proveedor de Autenticación" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Proveedor de control de acceso" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Proveedor de identidad" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "ID mínimo de usuario" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "ID máximo de usuario" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Habilitar la enumeración de todos los usuarios/grupos" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Hacer caché de las credenciales para ingresos fuera de línea" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Guardar los hashes de la contraseña" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Mostrar los usuarios/grupos en un formato completamente calificado" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Tiempo máximo de una entrada del caché (segundos)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Restringir o preferir una familia de direcciones específica, cuando se " "realicen búsquedas DNS" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "Por cuánto tiempo permitir ingresos cacheados luego del último (días)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se " "estén resolviendo servidores" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "La sección del dominio de la consulta para descubrir servicios DNS" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "Sustituye valor GID del proveedor de la identidad con este valor" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "Dominio IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "Dirección del servidor IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "Nombre de equipo del cliente IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "La interfaz cuya IP debería ser utilizada para actualizaciones DNS " "automáticas" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "Búsqueda base para objetos HBAC" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" "Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" "Si se encuentran presentes reglas de negación (DENY) o bien se niega todo " "(DENY_ALL) o se ignora (IGNORE)" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Dirección del servidor Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Reinado Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Expiración de la autenticación" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Directorio donde almacenar las credenciales cacheadas" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Ubicación del caché de credenciales del usuario" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Ubicación de la tabla de claves para validar las credenciales" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Habilitar la validación de credenciales" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" "Si se encuentra desconectado, almacena contraseñas para más tarde realizar " "una autenticación en línea" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "ciclo de vida renovable del TGT" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "ciclo de vida del TGT" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "tiempo entre dos comprobaciones para renovación " -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "Habilita FAST" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "Selecciona el principal para su uso por FAST" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "Habilita canonicalización principal" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" "El servidor en donde está ejecutándose el servicio de modificación de " "contraseña, en caso de no ser KDC. " -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, El URI del servidor LDAP" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "DN base predeterminado" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "El DN Bind predeterminado" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "El tipo del token de autenticación del DN bind predeterminado" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "El token de autenticación del DN bind predeterminado" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Tiempo durante el que se intentará la conexión" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "Use solo el caso superior para nombres reales" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "Archivo que contiene los certificados CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "Ruta hacia un directorio certificado CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "Fichero que contiene el certificado de cliente" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "Fichero que contiene la llave de cliente" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "Lista de posibles suites de cifrado" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Requiere la verificación de certificado TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Especificar el mecanismo sasl a usar" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Especifique el id de autorización sasl a usar" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "Especifica el reinado de autorización sasl a ser utilizado" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Tabla de clave del servicio Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Usar auth Kerberos para la conexión LDAP" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Seguir referencias LDAP" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "Período de vida del TGT para la conexión LDAP" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "Como eliminar aliases" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "Nombre de servicio para busquedas de servicios DNS" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "La cantidad de miembros que deben faltar para desencadenar una deref completa" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -467,411 +501,543 @@ msgstr "" "Si la Biblioteca LDAP debería realizar una búsqueda inversa para " "canonicalizar el nombre del host durante un enlace SASL" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "atributo entryUSN" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "atributo lastUSN" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Tiempo máximo a esperar un pedido de búsqueda" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "periodo de espera para solicitud de enumeración" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Tiempo en segundos entre las actualizaciones de enumeración" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "periodo de tiempo entre borrados de la caché" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "Requiere TLS para búsquedas de ID" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "DN base para búsquedas de usuario" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Ambito de las búsquedas del usuario" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filtro para las búsquedas del usuario" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objectclass para los usuarios" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Atributo Username" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Atributo GID primario" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Atributo GECOS" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Atributo Directorio de inicio" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Atributo shell" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal del usuario (para Kerberos) " -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Nombre completo" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Atributo hora de modificación" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "atributo shadowLastChange" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "atributo shadowMin " -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "atributo shadowMax" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "atributo shadowWarning " -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "atributo shadowInactive " -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "atributo shadowExpire" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "atributo shadowFlag " -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "listado de atributos de servicios PAM autorizados" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "Atributo de listado de equipos de servidor autorizados" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "atributo krbLastPwdChange " -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "atributo krbPasswordExpiration " -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" "atributo indicando que las políticas de contraseña del lado del servidor " "están activas" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "atributo accountExpires de AD" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "atributo userAccountControl de AD" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "atributo nsAccountLock " -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "loginDisabled atributo de NDS" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "loginExpirationTime atributo de NDS" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "loginAllowedTimeMap atributo de NDS" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "DN base para busqueda de grupos" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "clase objeto para" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "Nombre del grupo" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "Contraseña del grupo" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "Atributo GID" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "Atributo de miembro del grupo" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "Atributo de UUID del grupo" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "Atributo de modificación de tiempo para los grupos" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "A continuación, nivel SSSD de anidado máximo" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "DN base para búsquedas de grupos de red" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "Clases de objetos para grupos de red" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "Nombre de grupo de red" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "Atributo de miembros de grupos de red" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "Atributo triple de grupo de red" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "Atributo UUID de miembro de red" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "Atributo de modificación de tiempo para grupos de red" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "DN base para búsquedas de usuario" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objectclass para los usuarios" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Atributo Username" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Atributo shell" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Política para evaluar el vencimiento de la contraseña" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "Filtro LDAP para determinar privilegios de acceso" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Los atributos que deberán ser utilizados para evaluar si una cuenta ha " "expirado" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" "URI de un servidor LDAP donde se permite la modificación de contraseñas" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" "Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "DN base para búsquedas de usuario" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Tiempo en segundos entre las actualizaciones de enumeración" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objectclass para los usuarios" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "atributo lastUSN" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Atributo de miembro del grupo" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Atributo Username" + +#: src/config/SSSDConfig.py:278 +#, fuzzy +msgid "Sudo rule runasgroup attribute" +msgstr "Atributo UUID de miembro de red" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objectclass para los usuarios" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Atributo Username" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objectclass para los usuarios" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Atributo Directorio de inicio" + +#: src/config/SSSDConfig.py:288 +#, fuzzy +msgid "Automounter map entry value attribute" +msgstr "Atributo triple de grupo de red" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "DN base para búsquedas de usuario" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Lista separada por comas de usuarios autorizados" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Lista separada por comas de usuarios prohibidos" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Shell predeterminado, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Base de los directorios de inicio" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "Nombre de la biblioteca NSS a usar" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "Pila PAM a usar" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Convertirse en demonio (predeterminado)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Ejecutarse en forma interactiva (no un demonio)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Indicar un archivo de configuración diferente al predeterminado" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Nive de depuración" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Agregar marcas de tiempo de depuración" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "Mostrar marcas de tiempo con microsegundos" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Un arhivo abierto de descriptor para los registros de depuración" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Dominio del proveedor de información (obligatorio)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "El zócalo público posee permisos o pertenencia equivocados." -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "Formato no esperado del mensaje de la credencial del servidor." -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "SSSD no está siendo ejecutado por el usuario root." -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción." -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" "Ha ocurrido un error no esperado mientras se buscaba la descripción del error" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Las contraseñas no coinciden" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "No existe soporte para reseteado de la contraseña por el usuario root." -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "Autenticado mediante credenciales cacheada" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", su contraseña cacheada vencerá el:" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "Su contraseña ha expirado. Dispone de %d ingreso(s) excepcionales. " -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "Su contraseña expirará en %d %s." -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "La autenticación ha sido denegada hasta:" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Falló el cambio de contraseña." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Mensaje del servidor:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nueva contraseña: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Reingrese la contraseña nueva:" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Contraseña: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Contraseña actual: " -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "La contraseña ha expirado. Modifíquela en este preciso momento." diff --git a/po/et.po b/po/et.po index 7c849c527..d7c9f3d00 100644 --- a/po/et.po +++ b/po/et.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/fa.po b/po/fa.po index a5f4ec07e..8d21645b1 100644 --- a/po/fa.po +++ b/po/fa.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/fi.po b/po/fi.po index 66fc1123b..605c03445 100644 --- a/po/fi.po +++ b/po/fi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/fr.po b/po/fr.po index c6a47a20c..bed5bacfc 100644 --- a/po/fr.po +++ b/po/fr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: French \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Les mots de passe ne correspondent pas" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nouveau mot de passe : " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Retaper le nouveau mot de passe : " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Mot de passe : " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/hu.po b/po/hu.po index abd06ed44..8b4ea4174 100644 --- a/po/hu.po +++ b/po/hu.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Hungarian \n" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,824 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Azonosító-kiszolgáló" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Azonosító-kiszolgáló" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Azonosító-kiszolgáló" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "Legkisebb felhasználói azonosító" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "Legnagyobb felhasználói azonosító" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Azonosítók gyorsítótárazása offline használathoz" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Jelszó hash-ek tárolása" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "IPA-tartomány" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "IPA kiszolgáló címe" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "IPA kliens hosztneve" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Kerberos-kiszolgáló címe" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Kerberos-tartomány" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "Alapértelmezett LDAP alap-DN-je" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "TLS tanusítvány ellenőrzése" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "TLS megkövetelése ID keresésekor" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "GECOS attribútum" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Teljes név" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "Csoport neve" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "Csoport jelszava" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "Mikroszekundum pontosságú időbélyegek" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "A jelszavak nem egyeznek" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "Azonosítva gyorsítótárazott adatbázisból" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", a gyorsítótárazott jelszó lejár ekkor: " -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "A jelszava lejárt. Még %d bejelentkezés engedélyezett." -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "A jelszava le fog járni %d %s múlva." -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "A bejelentkezés tiltott eddig:" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "A jelszó megváltoztatása nem sikerült." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Szerver üzenete:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Új jelszó:" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Jelszó mégegyszer: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Jelszó: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Jelenlegi jelszó:" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "A jelszava lejárt, változtass meg most." diff --git a/po/id.po b/po/id.po index d293ff040..ff51a7402 100644 --- a/po/id.po +++ b/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Indonesian \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,846 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Penyedia identitas" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Penyedia otentikasi" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Penyedia kontrol akses" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Penyedia pengubah kata sandi" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Penyedia identitas" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Penyedia otentikasi" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Penyedia kontrol akses" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Penyedia identitas" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "ID pengguna minimum" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "ID pengguna maksimum" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "Domain IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "Alamat server IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "Nama host klien IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Alamat server Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Realm Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI server LDAP" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Lamanya waktu untuk mencoba koneksi" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Membutuhkan verifikasi sertifikat TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Tentukan mekanisme sasl yang digunakan" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Tentukan id otorisasi sasl yang digunakan" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Keytab layanan Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Lingkup pencarian pengguna" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filter pencarian pengguna" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objectclass untuk pengguna" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Atribut Nama pengguna" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Atribut UID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Atribut GID Primer" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Atribut GECOS" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Atribut direktori Home" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Atribut Shell" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Atribut UUID" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Atribut utama pengguna (untuk Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Nama Lengkap" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Atribut memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Atribut waktu modifikasi" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Filter pencarian pengguna" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objectclass untuk pengguna" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Atribut Nama pengguna" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Atribut Shell" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Filter pencarian pengguna" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objectclass untuk pengguna" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Atribut Nama pengguna" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objectclass untuk pengguna" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Atribut Nama pengguna" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objectclass untuk pengguna" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Atribut direktori Home" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Shell default, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Kata sandi tidak cocok" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Perubahan kata sandi gagal." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Pesan server:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Kata Sandi Baru: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Masukkan lagi kata sandi baru:" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Kata sandi:" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Kata sandi saat ini:" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/it.po b/po/it.po index 6c6276b48..f56a38671 100644 --- a/po/it.po +++ b/po/it.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Italian \n" @@ -80,7 +80,7 @@ msgstr "Durata timeout per la cache enumeration (secondi)" msgid "Entry cache background update timeout length (seconds)" msgstr "Durata timeout aggiornamento cache in background (secondi)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Durata timeout negative cache (secondi)" @@ -149,694 +149,855 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Provider di identità" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Provider di autenticazione" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Provider di access control" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Provider di cambio password" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Provider di identità" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Provider di autenticazione" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Provider di access control" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Provider di identità" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "ID utente minimo" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "ID utente massimo" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Consentire l'enumerazione di tutti gli utenti/gruppi" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Salvare in cache le credenziali per login offline" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Salvare gli hash delle password" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Mostrare utenti/gruppi in formato fully-qualified" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Durata timeout elementi in cache (secondi)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione " "di lookup DNS" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto " "successo (giorni)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "Il tempo di attesa per le richieste DNS (secondi)" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "Dominio IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "Indirizzo del server IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "Hostname del client IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "L'interfaccia il cui indirizzo IP dovrebbe essere usato per aggiornamenti " "DNS dinamici." -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Indirizzo del server Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Realm Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Timeout di autenticazione" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Directory in cui salvare le credenziali" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Percorso della cache delle credenziali utente" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Percorso del keytab per la validazione delle credenziali" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Abilita la validazione delle credenziali" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "Intervallo di tempo tra due controlli di rinnovo" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "Abilita FAST" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server dove viene eseguito il servizio di cambio password, se non nel KDC" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, l'indirizzo del server LDAP" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "Il base DN predefinito" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "Il bind DN predefinito" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "Il tipo di token di autenticazione del bind DN predefinito" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "Il token di autenticazione del bind DN predefinito" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Durata del tentativo di connessione" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "Durata tra tentativi di riconnessione quando offline" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "Usare solo maiuscole per i nomi dei realm" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "File contenente i certificati CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "Percorso della directory dei cerficati della CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "File contenente il certificato client" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "File contenente la chiave client" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "Lista delle possibili cipher suite" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Richiedere la verifica del certificato TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Specificare il meccanismo sasl da usare" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Specificare l'id di autorizzazione sasl da usare" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Keytab del servizio Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Usare autorizzazione Kerberos per la connessione LDAP" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Seguire i referral LDAP" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "Metodo di deferenziazione degli alias" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Durata attesa per le richieste di ricerca" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Durata tra gli aggiornamenti alle enumeration" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "Intervallo di tempo per la pulizia cache" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "Richiedere TLS per gli ID lookup" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "Base DN per i lookup utente" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Ambito di applicazione dei lookup utente" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filtro per i lookup utente" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objectclass per gli utenti" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Attributo del nome utente" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Attributo UID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Attributo del GID primario" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Attributo GECOS" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Attributo della home directory" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Attributo della shell" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Attributo UUID" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Attributo user principal (per Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Nome completo" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Attributo memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Attributo data di modifica" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Base DN per i lookup utente" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objectclass per gli utenti" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Attributo del nome utente" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Attributo della shell" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Politica per controllare la scadenza della password" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "Filtro LDAP per determinare i privilegi di accesso" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Base DN per i lookup utente" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Durata tra gli aggiornamenti alle enumeration" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objectclass per gli utenti" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Attributo del nome utente" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objectclass per gli utenti" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Attributo del nome utente" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objectclass per gli utenti" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Attributo della home directory" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "Base DN per i lookup utente" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Lista separata da virgola degli utenti abilitati" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Lista separata da virgola degli utenti non abilitati" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Shell predefinita, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Base delle home directory" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "Il nome della libreria NSS da usare" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "Stack PAM da usare" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Esegui come demone (default)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Esegui interattivamente (non come demone)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Specificare un file di configurazione specifico" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Livello debug" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Includi timestamp di debug" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Un descrittore di file aperto per l'output di debug" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Dominio del provider di informazioni (obbligatorio)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "Il socket privilegiato ha permessi o propritario non validi." -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "Il socket pubblico ha permessi o propritario non validi." -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "SSSD non è eseguito da root." -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Le password non coincidono" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "Autenticato con le credenziali nella cache" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", la password in cache scadrà il: " -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "La password è scaduta. Hai ancora a disposizione %d login di cortesia." -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "La password scadrà tra %d %s" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "L'autenticazione verrà negata fino al: " -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "Il sistema è offline, non è possibile richiedere un cambio password" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Cambio password fallito." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Messaggio del server:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nuova password: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Conferma nuova password: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Password: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Password corrente: " -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "Password scaduta. Cambiare la password ora." diff --git a/po/ja.po b/po/ja.po index a42effc74..6611948b7 100644 --- a/po/ja.po +++ b/po/ja.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Japanese \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ja_JP.po b/po/ja_JP.po index c8fb64af5..cd4549112 100644 --- a/po/ja_JP.po +++ b/po/ja_JP.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ko.po b/po/ko.po index b773bc60c..6ccc445b3 100644 --- a/po/ko.po +++ b/po/ko.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/lt.po b/po/lt.po index 83b662604..3e9f300a1 100644 --- a/po/lt.po +++ b/po/lt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/" @@ -81,7 +81,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -147,687 +147,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/nb.po b/po/nb.po index 1e52b27b8..f22a6ce06 100644 --- a/po/nb.po +++ b/po/nb.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Norwegian Bokmål \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/nl.po b/po/nl.po index ba012e358..ef70820e2 100644 --- a/po/nl.po +++ b/po/nl.po @@ -10,7 +10,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-22 16:50+0000\n" "Last-Translator: Geert Warrink \n" "Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/team/nl/)\n" @@ -84,7 +84,7 @@ msgstr "Enumeratie cache timeout duur (in seconden)" msgid "Entry cache background update timeout length (seconds)" msgstr "Entry cache achtergrond update timeout duur (in seconden)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Negatieve cache timeout duur (in seconden)" @@ -161,303 +161,337 @@ msgstr "" "getoond worden" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +#, fuzzy +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" +"Hoeveel seconden moet de identiteit informatie in cache opgeslagen worden " +"voor PAN aanvragen" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Identiteitaanbieder" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Authentiecatieaanbieder" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Toegangscontroleaanbieder" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Wachtwoordwijzigingsaanbieder" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Identiteitaanbieder" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Authentiecatieaanbieder" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Toegangscontroleaanbieder" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Identiteitaanbieder" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "Minimum gebruiker ID" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "Maximum gebruiker ID" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Schakel enumeratie van alle gebruikers/groepen" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Cache inloggegevens voor offline gebruik" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Sla vingerafdrukken van wachtwoorden op" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Laat gebruikers/groepen in volledige vorm zien" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Entry cache timeout duur (in seconden)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Beperk of geef de voorkeur aan een specifieke adresfamilie wanneer er DNS-" "lookups uitgevoerd worden" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Hoe lang blijven gegevens opgeslagen na een succesvolle login (in dagen)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Hoe lang te wachten op antwoord van de DSN bij het opzoeken van servers (in " "seconden)" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "Het domeingedeelte van DNS queries die service discovery uitvoeren" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "Overschrijf GID waarde van de identiteit aanbieder met deze waarde" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "Behandel gebruikersnamen als hoofdlettergevoelig" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "IPA-domein" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "IPA-serveradres" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "IPA-clienthostname" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in " "FreeIPA" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken " "van de DNS" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "Zoek basis voor HBAC gerelateerde objecten" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Als DENY regels aanwezig zijn, dat DENY_ALL of IGNORE" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Als dit op false ingesteld is, wordt het host argument gegeven door PAM " "genegeerd" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Kerberos-serveradres" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Kerberos-rijk" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Authenticatie timeout" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Werkmap waar authenticatiegegevens opgeslagen worden" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Locatie van de authenticatiecache van de gebruiker" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Locatie van de keytab om authenticatiegegevens te valideren" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Schakel authenticatiegegevensvalidatie in" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" "Sla het wachtwoord op indien offline voor later gebruik bij online " "authenticatie" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "Vernieuwbare levensduur van de TGT" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "Levensduur van de TGT" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "Tijd tussen twee checks voor vernieuwing" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "Zet FAST aan" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST " -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "Zet hoofdpersoon sanctioneren aan" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, de URI van de LDAP server" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "De standaard base DN" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "De standaard bind DN" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "Het type authenticatietoken van de standaard bind DN" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "Het authenticatietoken van de standaard bind DN" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Hoe lang pogen te verbinden" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Hoe lang proberen synchroon LDAP te benaderen" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens " "offline zijn" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "Gebruik alleen hoofdletters voor gebiedsnamen" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "Bestand dat de bekende CA-certificaten bevat" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "Pad naar de CA-certificatenmap" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "Bestand dat het client certificaat bevat" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "Bestand dat de client sleutel bevat" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "Lijst van mogelijke sleutel suites" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Vereis verificatie van het TLS-certificaat" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "Specificeer het te gebruiken sasl autorisatiegebied " -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Kerberos service keytab" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Volg LDAP-doorverwijzingen" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "Levensduur van TGT voor LDAP-connectie" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "Hoe moet de alias referentie verwijderd worden" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "Service naam voor DNS service opzoeken" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Het aantal leden van moet ontbreken om een volledige de-referentie te " "veroorzaken" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -465,410 +499,542 @@ msgstr "" "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te " "autoriseren tijdens een SASL binding" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "entryUSN attribuut" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "lastUSN attribuut" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het " "losgekoppeld wordt" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Tijd om te wachten op een zoekopdracht" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "Tijdsduur te wachten voor een opsommingsverzoek" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Tijd om te wachten tussen enumeratie-updates" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "Tijdsduur tussen cache opschoningen" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "Vereis TLS voor het opzoeken van ID's" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "Base DN voor het opzoeken van gebruikers" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Scope voor het opzoeken van gebruikers" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filter voor het opzoeken van gebruikers" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objectclass voor gebruikers" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Username-attribuut" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "UID-attribuut" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Primair GID-attribuut" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "GECOS-attribuut" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Gebruikersmap-attribuut" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Shell-attribuut" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "UUID-attribuut" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Userprincipal-attribuut (voor Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Volledige naam" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "memberOf-attribuut" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Modification time-attribuut" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "shadowLastChange attribuut" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "shadowMin attribuut" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "shadowMax attribuut" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "shadowWarning attribuut" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "shadowInactive attribuut" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "shadowExpire attribuut" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "shadowFlag attribuut" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "Attribuut voor tonen van geautoriseerde PAM services" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "Attribuut dat geautoriseerde server hosts toont" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "krbLastPwdChange attribuut" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "krbPasswordExpiration attribuut" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "accountExpires attribuut van AD" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "userAccountControl attribuut van AD" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "nsAccountLock attribuut" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "loginDisabled attribuut van NDS" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "loginExpirationTime attribuut van NDS" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "loginAllowedTimeMap attribuut van NDS" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "Basis DN voor groep opzoeken" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "Objectklasse voor groepen" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "Groepsnaam" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "Groep wachtwoord" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "GID attribuut" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "Groep deelnemer attribuut" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "Groep UUID attribuut" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "Verandertijd attribuut voor groepen" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "Maximale nest niveau dat SSSd zal volgen" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "Basis DN voor netgroep opzoeken" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "Objectklasse voor netgroepen" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "Netgroep naam" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "Netgroep leden attribuut" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "Netgroep triple attibuut" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "Netgroep UUID attibuut" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "Verandertijd attribuut voor netgroepen" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Base DN voor het opzoeken van gebruikers" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objectclass voor gebruikers" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Username-attribuut" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Shell-attribuut" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Policy om wacthwoordverloop mee te evalueren" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "LDAP-filter om toegangsprivileges mee te bepalen" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Welke attributen worden gebruikt voor evaluatie als het account verlopen is" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "DNS service naam voor LDAP wachtwoord verander server" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Base DN voor het opzoeken van gebruikers" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Tijd om te wachten tussen enumeratie-updates" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objectclass voor gebruikers" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "lastUSN attribuut" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Groep deelnemer attribuut" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Username-attribuut" + +#: src/config/SSSDConfig.py:278 +#, fuzzy +msgid "Sudo rule runasgroup attribute" +msgstr "Netgroep UUID attibuut" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objectclass voor gebruikers" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Username-attribuut" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objectclass voor gebruikers" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Gebruikersmap-attribuut" + +#: src/config/SSSDConfig.py:288 +#, fuzzy +msgid "Automounter map entry value attribute" +msgstr "Netgroep triple attibuut" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "Base DN voor het opzoeken van gebruikers" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Kommagescheiden lijst van toegestane gebruikers" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Kommagescheiden lijst van geweigerde gebruikers" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Standaard shell, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Basis voor gebruikersmappen" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "De naam van de NSS-bibliotheek die gebruikt wordt" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "PAM-stack die gebruikt wordt" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Start in de achtergrond (standaard)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Start interactief (standaard)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Geef een niet-standaard configuratiebestand op" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "Print versie nummer en sluit af" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Debug niveau" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Voeg tijdstempels toe aan debugberichten" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "Toon tijdstempel met microseconden" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Een geopend bestand voor de debug logs" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Domein voor de informatie provider (verplicht)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "Socket met privileges heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "Publiek socket heeft verkeerde rechten of eigendom." -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "Onverwacht formaat van het inloggegevensbericht van de server." -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "SSSD wordt niet door root gestart." -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" "Er is een fout opgetreden, maar er kan geen omschrijving gevonden worden." -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "Onverwachtte fout bij het opzoeken van een omschrijving" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Wachtwoorden komen niet overeen" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund." -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "Geauthenticeerd met gecachte inloggegevens." -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", uw wachtwoord verloopt op:" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "Uw wachtwoord is verlopen. U heeft %d genadigde login(s) over." -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "Uw wachtwoord verloopt in %d %s." -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "Inloggen wordt geweigerd tot:" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Wijzigen van wachtwoord mislukt." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Serverbericht:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nieuw Wachtwoord: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Voer nieuw wachtwoord nogmaals in: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Wachtwoord: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Huidig wachtwoord:" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord." diff --git a/po/nn.po b/po/nn.po index eff4762ea..4f0993b58 100644 --- a/po/nn.po +++ b/po/nn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Norwegian Nynorsk \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/pl.po b/po/pl.po index 9c5b0df08..0678c1bf9 100644 --- a/po/pl.po +++ b/po/pl.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: Piotr Drąg \n" "Language-Team: Polish (http://www.transifex.net/projects/p/fedora/team/pl/)\n" @@ -84,7 +84,7 @@ msgstr "Czas oczekiwania pamięci podręcznej wyliczania (sekundy)" msgid "Entry cache background update timeout length (seconds)" msgstr "Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)" @@ -159,300 +159,334 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +#, fuzzy +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" +"Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań " +"PAM" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Dostawca tożsamości" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Dostawca uwierzytelniania" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Dostawca kontroli dostępu" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Dostawca zmiany hasła" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Dostawca tożsamości" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Dostawca uwierzytelniania" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Dostawca kontroli dostępu" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Dostawca tożsamości" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "Minimalny identyfikator użytkownika" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "Maksymalny identyfikator użytkownika" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Włącza wyliczanie wszystkich użytkowników/grup" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Przechowuje mieszanie haseł" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Wyświetla użytkowników/grupy w pełnej formie" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Czas oczekiwania pamięci podręcznej wpisów (sekundy)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania " "wyszukiwań DNS" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym " "zalogowaniu (dni)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów " "(sekundy)" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "Część domeny zapytania DNS wykrywania usługi" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "Zastępuje wartość GID z dostawcy tożsamości tą wartością" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "Rozróżnianie wielkości liter w nazwach użytkowników" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "Domena IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "Adres serwera IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "Nazwa komputera klienta IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Interfejs, którego adres IP powinien być używany do dynamicznych " "aktualizacji DNS" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Jeśli reguły DENY są dostępne, to DENY_ALL lub IGNORE" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie " "zignorowany" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Adres serwera Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Obszar Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Czas oczekiwania na uwierzytelnienie" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Włącza sprawdzanie danych uwierzytelniających" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w " "trybie online" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "Odnawialny czas trwania TGT" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "Czas trwania TGT" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "Czas między dwoma sprawdzaniami odnowy" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "Włącza FAST" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "Wybiera naczelnika do użycia dla FAST" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "Włącza ujednolicanie naczelnika" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje " "się w KDC" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, adres URI serwera LDAP" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "Domyślna podstawowa DN" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "Domyślne DN dowiązania" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "Token uwierzytelniania domyślnego DN dowiązania" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Czas do próby połączenia" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Czas do próby synchronicznych działań LDAP" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "Czas między próbami ponownego połączenia w trybie offline" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "Użycie tylko małych znaków w nazwach obszarów" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "Plik zawierający certyfikaty CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "Ścieżka do katalogu certyfikatów CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "Plik zawierający certyfikat klienta" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "Plik zawierający klucz klienta" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "Lista możliwych zestawów szyfrów" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Wymaga sprawdzenia certyfikatu TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Podaje używany mechanizm SASL" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Podaje używany identyfikator upoważnienia SASL" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "Podaje obszar upoważnienia SASL do użycia" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Tablica kluczy usługi Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Podąża za odsyłaniami LDAP" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "Czas trwania TGT dla połączenia LDAP" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "Jak wskazywać aliasy" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "Nazwa usługi do wyszukiwań usługi DNS" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "Suma liczb, których musi brakować, aby wywołać pełne \"deref\"" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -460,404 +494,536 @@ msgstr "" "Określa, czy biblioteka LDAP powinna wykonywać odwrotne wyszukanie, aby " "ujednolicić nazwę komputera podczas dowiązania SASL" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "Atrybut entryUSN" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "Atrybut lastUSN" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Czas oczekiwania na żądanie wyszukiwania" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "Czas oczekiwania na żądanie wyliczenia" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Czas między aktualizacjami wyliczania" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "Czas między czyszczeniem pamięci podręcznej" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "Wymaga TLS dla wyszukiwania identyfikatorów" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "Podstawowe DN dla wyszukiwania użytkowników" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Zakres wyszukiwania użytkowników" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filtruje wyszukiwania użytkowników" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Klasa obiektów dla użytkowników" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Atrybut nazwy użytkownika" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Atrybut UID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Pierwszy atrybut GID" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Atrybut GECOS" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Atrybut katalogu domowego" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Atrybut powłoki" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Atrybut UUID" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Atrybut głównego użytkownika (dla Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Imię i nazwisko" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Atrybut memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Atrybut czasu modyfikacji" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "Atrybut shadowLastChange" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "Atrybut shadowMin" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "Atrybut shadowMax" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "Atrybut shadowWarning" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "Atrybut shadowInactive" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "Atrybut shadowExpire" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "Atrybut shadowFlag" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "Atrybut zawierający listę upoważnionych usług PAM" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "Atrybut krbLastPwdChange" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "Atrybut krbPasswordExpiration" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "Atrybut accountExpires AD" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "Atrybut userAccountControl AD" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "Atrybut nsAccountLock" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "Atrybut loginDisabled NDS" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "Atrybut loginExpirationTime NDS" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Atrybut loginAllowedTimeMap NDS" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "Podstawowe DN dla wyszukiwania grup" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "Klasa obiektów dla grup" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "Nazwa grupy" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "Hasło grupy" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "Atrybut GID" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "Atrybut elementu grupy" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "Atrybut UUID grupy" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "Atrybut czasu modyfikacji grup" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "Klasa obiektów dla grup sieciowych" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "Nazwa grupy sieciowej" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "Atrybut elementów grupy sieciowej" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "Potrójny atrybut grupy sieciowej" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "Atrybut UUID grupy sieciowej" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "Atrybut czasu modyfikacji grup sieciowych" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Podstawowe DN dla wyszukiwania użytkowników" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Klasa obiektów dla użytkowników" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Atrybut nazwy użytkownika" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Atrybut powłoki" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Polityka do oszacowania wygaszenia hasła" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "Filtr LDAP do określenia uprawnień dostępu" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Podstawowe DN dla wyszukiwania użytkowników" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Czas między aktualizacjami wyliczania" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Klasa obiektów dla użytkowników" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Atrybut lastUSN" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Atrybut elementu grupy" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Atrybut nazwy użytkownika" + +#: src/config/SSSDConfig.py:278 +#, fuzzy +msgid "Sudo rule runasgroup attribute" +msgstr "Atrybut UUID grupy sieciowej" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Klasa obiektów dla użytkowników" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Atrybut nazwy użytkownika" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Klasa obiektów dla użytkowników" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Atrybut katalogu domowego" + +#: src/config/SSSDConfig.py:288 +#, fuzzy +msgid "Automounter map entry value attribute" +msgstr "Potrójny atrybut grupy sieciowej" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "Podstawowe DN dla wyszukiwania użytkowników" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Lista zabronionych użytkowników oddzielonych przecinkami" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Domyślna powłoka, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Podstawa katalogów domowych" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "Nazwa używanej biblioteki NSS" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "Używany stos PAM" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Uruchamia jako demon (domyślnie)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Uruchamia interaktywnie (nie jako demon)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Podaje niedomyślny plik konfiguracji" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "Wyświetla numer wersji i kończy działanie" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Poziom debugowania" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Dodaje czasy debugowania" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "Wyświetlanie dat z mikrosekundami" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Otwiera deskryptor pliku dla dzienników debugowania" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Domena dostawcy informacji (wymagane)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia." -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "Publiczne gniazdo posiada błędnego właściciela lub uprawnienia" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera." -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "SSSD nie zostało uruchomione w trybie roota." -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu." -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Hasła nie zgadzają się" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane." -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", hasło w pamięci podręcznej wygaśnie za: " -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "Hasło wygasło. Pozostało %d możliwych logowań." -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "Hasło wygaśnie za %d %s." -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "Uwierzytelnianie jest zabronione do: " -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Zmiana hasła nie powiodła się. " -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Komunikat serwera: " -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nowe hasło: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Proszę ponownie podać nowe hasło: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Hasło: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Bieżące hasło: " -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "Hasło wygasło. Proszę je zmienić teraz." diff --git a/po/pt.po b/po/pt.po index e7e75bc54..bfe22fe77 100644 --- a/po/pt.po +++ b/po/pt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Portuguese \n" @@ -79,7 +79,7 @@ msgstr "Validade da cache de enumeração (segundos)" msgid "Entry cache background update timeout length (seconds)" msgstr "Validade da actualização da cache em segundo plano (segundos)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Validade da cache negativa (segundos)" @@ -150,693 +150,854 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Fornecedor de identidade" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Fornecedor de autenticação" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Fornecedor de controle de acesso" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Fornecedor de Alteração de Senha" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Fornecedor de identidade" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Fornecedor de autenticação" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Fornecedor de controle de acesso" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Fornecedor de identidade" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "ID de utilizador mínimo" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "ID de utilizador máximo" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Permitir enumeração de todos os utilizadores/grupos" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Efectuar cache de credenciais para sessões em modo desligado" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Guardar hashes da senha" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Apresentar utilizadores/grupos na forma completa" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Validade da cache (segundos)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Restringir ou preferir famílias de endereços especificas quando efectua " "consultas DNS" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Durante quanto tempo devem ser permitidas as caches de sessões entre sessões " "bem sucedidas (dias)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "Domínio IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "Endereço do servidor IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "Nome da máquina do cliente IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Endereço do servidor Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Reino Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Tempo de expiração da autenticação" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Directório para armazenar as caches de credenciais" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Localização da cache de credenciais dos utilizadores" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Localização da tabela de chaves (keytab) para validar credenciais" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Activar validação de credenciais" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Servidor onde está em execução o serviço de alteração de senha, se não " "coincide com o KDC" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, O URI do servidor LDAP" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "A base DN por omissão" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "O DN por omissão para a ligação" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "O tipo de token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "O token de autenticação do bind DN por omissão" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Período de tempo para tentar ligação" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tempo de espera para tentar operações LDAP síncronas" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "Tempo de espera entre tentativas para re-conectar quando desligado" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "Ficheiro que contêm os certificados CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "Caminho para o directório do certificado CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Obriga a verificação de certificados TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Especificar mecanismo sasl a utilizar" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Especifique o id sasl para utilizar na autorização" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Separador chave do serviço Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Utilizar autenticação Kerberos para ligações LDAP" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Seguir os referrals LDAP" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Tempo de espera por um pedido de pesquisa" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Período de tempo entre enumeração de actualizações" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "Requer TLS para consultas de ID" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "DN base para pesquisa de utilizadores" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Âmbito das pesquisas do utilizador" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filtro para as pesquisas do utilizador" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objectclass para utilizadores" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Atributo do nome do utilizador" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Atributo UID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Atributo GID primário" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Atributo GECOS" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Atributo da pasta pessoal" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Atributo da Shell" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Atributo UUID" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Atributo principal do utilizador (para Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Nome Completo" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Atributo memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Atributo da alteração da data" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "DN base para pesquisa de utilizadores" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objectclass para utilizadores" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Atributo do nome do utilizador" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Atributo da Shell" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Politica para avaliar a expiração da senha" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "DN base para pesquisa de utilizadores" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Período de tempo entre enumeração de actualizações" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objectclass para utilizadores" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Atributo do nome do utilizador" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objectclass para utilizadores" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Atributo do nome do utilizador" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objectclass para utilizadores" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Atributo da pasta pessoal" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "DN base para pesquisa de utilizadores" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Lista de utilizadores autorizados separados por vírgulas" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Lista de utilizadores não autorizados separados por vírgulas" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Shell pré-definida, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Directório base para as pastas pessoais" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "O nome da biblioteca NSS a utilizar" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "Stack PAM a utilizar" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Tornar-se num serviço (omissão)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Executar interactivamente (não como serviço)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Especificar um ficheiro de configuração não standard" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Nível de depuração" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Adicionar tempos na depuração" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Um descritor de ficheiro aberto para os registos de depuração" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Domínio do fornecedor de informação (obrigatório)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Senhas não coincidem" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", a sua senha guardada em cache irá expirar em: " -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "A sua senha expirou. Restam-lhe %d sessões de tolerância." -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "A sua senha irá expirar em %d %s." -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "O sistema está offline, a mudança de senha não é possível" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Alteração da senha falhou." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Mensagem do Servidor: " -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nova Senha: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Digite a senha novamente: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Senha: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Senha actual: " -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "A senha expirou. Altere a sua senha agora." diff --git a/po/pt_BR.po b/po/pt_BR.po index 7044bcc70..8319d9edd 100644 --- a/po/pt_BR.po +++ b/po/pt_BR.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Portuguese (Brazilian) \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ru.po b/po/ru.po index 270ad440b..9ba02569e 100644 --- a/po/ru.po +++ b/po/ru.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Russian \n" @@ -80,7 +80,7 @@ msgstr "Длина тайм-аута кэша перечисления (в се msgid "Entry cache background update timeout length (seconds)" msgstr "Тайм-аут фонового обновления элемента списка кэша (в секундах)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Отрицательная длина тайм-аута кэша (в секундах)" @@ -150,693 +150,854 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Поставщик данных для идентификации" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Поставщик данных для проверки подлинности" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Поставщик данных для контроля доступа" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Поставщик операции смены пароля" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Поставщик данных для идентификации" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Поставщик данных для проверки подлинности" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Поставщик данных для контроля доступа" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Поставщик данных для идентификации" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "Минимальный ID пользователя" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "Максимальный ID пользователя" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Включить перечисление всех пользователей/групп" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Кэшировать учётные данные для неинтерактивного входа" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Хранить хеши паролей" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Отображать пользователей/группы в полной форме" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Тайм-аут элемента списка кэша (в секундах)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Ограничивать или предпочитать определённое семейство адресов при выполнении " "запросов DNS" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Как долго хранить кэшированные элементы списка после последнего успешного " "входа (в днях)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "IPA-домен" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "адрес сервера IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "имя узла клиента IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Имя сервера Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Область действия Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Тайм-аут проверки подлинности" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Каталог для хранения кэшей учётных данных" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Расположения кэша учётных данных пользователей" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Расположение keytab-файла для проверки учётных данных" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Включить проверку учётных данных" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI сервера LDAP " -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "Base DN по умолчанию" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "Bind DN по умолчанию" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "Тип маркера проверки подлинности для bind DN по умолчанию" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "Маркер проверки подлинности для bind DN по умолчанию" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Временной интервал для попытки соединения" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Временной интервал для попытки синхронизации операций LDAP" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Временной интервал между попытками возобновления соединения в автономного " "режиме" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Требуется проверка сертификата TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Укажите механизм sasl" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Укажите идентификатор авторизации sasl" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Keytab-файл службы Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Следовать ссылкам LDAP" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Временной интервал, в течение которого ожидать поискового запроса" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Временной интервал между обновлениями перечисления" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "Base DN для поиска" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Глубина поиска" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Фильтр поиска" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objectclass для пользователей" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Атрибут «username»" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Атрибут «UID»" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Атрибут «primary GID»" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Атрибут «GECOS»" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Атрибут домашнего каталога" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Атрибут оболочки" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Атрибут «UUID»" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут участника-пользователя (для Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Полное имя" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Атрибут времени изменения" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Base DN для поиска" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objectclass для пользователей" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Атрибут «username»" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Атрибут оболочки" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Политика вычисления окончания срока действия пароля" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Base DN для поиска" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Временной интервал между обновлениями перечисления" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objectclass для пользователей" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Атрибут «username»" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objectclass для пользователей" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Атрибут «username»" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objectclass для пользователей" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Атрибут домашнего каталога" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "Base DN для поиска" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Разделённый запятыми список разрешённых пользователей" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Разделённый запятыми список запрещённых пользователей" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Оболочка по умолчанию, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Место для домашних каталогов" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "Имя используемой библиотеки NSS" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "Используемый стек PAM" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Запускаться в качестве службы (по умолчанию)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Запускаться интерактивно (не службой)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Указать файл конфигурации" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Уровень отладки" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Добавить отладочные отметки времени" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Открытый дескриптор файла для журналов отладки" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Домен поставщика информации (обязательный)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Пароли не совпадают" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", срок действия вашего кэшированного пароль истечёт:" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "Система находится в автономном режиме, невозможно сменить пароль" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Не удалось сменить пароль." -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Сообщение сервера:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Новый пароль:" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Введите новый пароль ещё раз:" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Пароль:" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Текущий пароль:" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль." diff --git a/po/sk.po b/po/sk.po index 6e91a4f4d..e85b19f10 100644 --- a/po/sk.po +++ b/po/sk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/sq.po b/po/sq.po index 425786848..a8b2b8151 100644 --- a/po/sq.po +++ b/po/sq.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/sr.po b/po/sr.po index bbe219728..0fb772cdd 100644 --- a/po/sr.po +++ b/po/sr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Serbian \n" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/sssd.pot b/po/sssd.pot index bf995b307..fc60026f5 100644 --- a/po/sssd.pot +++ b/po/sssd.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/sv.po b/po/sv.po index b7cdc99b9..ebe502bae 100644 --- a/po/sv.po +++ b/po/sv.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Swedish (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "Tidsgränslängd för uppräkningscache (sekunder)" msgid "Entry cache background update timeout length (seconds)" msgstr "Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Tidsgränslängd för negativ cache (sekunder)" @@ -147,687 +147,848 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Identifiera leverantör" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Autentiseringsleverantör" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Leverantör av åtkomstkontroll" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Leverantör av lösenordsändringar" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Identifiera leverantör" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Autentiseringsleverantör" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Leverantör av åtkomstkontroll" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Identifiera leverantör" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "Minsta användar-ID" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "Största användar-ID" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Aktivera uppräkning av alla användare/grupper" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Cache-kreditiv för frånkopplad inloggning" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Lagra lösenords-kontrollsummor" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Visa användare/grupper i fullständigt kvalificerat format" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Tidsgränslängd för postcache (sekunder)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "IPA-domän" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "IPA-serveradress" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "IPA-klienvärdnamn" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Kerberosserveradress" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Kerberosrike" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Autentiseringstidsgräns" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Katalog att lagra kreditiv-cachar i" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Plats för användarens kreditiv-cache" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Plats för nyckeltabellen för att validera kreditiv" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Aktivera validering av kreditiv" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, URI:n för LDAP-servern" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "Standard bas-DN" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Schematypen som används i LDAP-servern, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "Standard bindnings-DN" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "Typen på autenticerings-token för standard bindnings-DN" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "Autenticerings-token för standard bindnings-DN" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Tidslängd att försöka ansluta" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Tidslängd att försök synkrona LDAP-operationer" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "Tidslängd mellan försök att återansluta under frånkoppling" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Kräv TLS-certifikatverifiering" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Ange sasl-mekanismen att använda" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Ange sasl-auktorisering-id att använda" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Kerberostjänstens nyckeltabell" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Avnänd Kerberosautenticering för LDAP-anslutning" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Tidslängd att vänta på en sökbegäran" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Tidslängd mellan uppräkningsuppdateringar" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "Bas-DN för användaruppslagningar" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Omfång av användaruppslagningar" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Filter för användaruppslagningar" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Objektklass för användare" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Användarnamnsattribut" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "UID-attribut" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Primärt GID-attribut" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "GECOS-attribut" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Hemkatalogattribut" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Skalattribut" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "UUID-attribut" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Användarens huvudmansattribut (för Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Fullständigt namn" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "medlemAv-attribut" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Modifieringstidsattribut" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Bas-DN för användaruppslagningar" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Objektklass för användare" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Användarnamnsattribut" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Skalattribut" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Policy för att utvärdera utgång av lösenord" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Bas-DN för användaruppslagningar" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Tidslängd mellan uppräkningsuppdateringar" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Objektklass för användare" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Användarnamnsattribut" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Objektklass för användare" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Användarnamnsattribut" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Objektklass för användare" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Hemkatalogattribut" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "Bas-DN för användaruppslagningar" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Standardskal, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Bas för hemkataloger" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "Namnet på NSS-biblioteket att använda" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "PAM-stack att använda" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Lösenorden stämmer inte överens" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Nytt lösenord: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Skriv det nya lösenordet igen: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Lösenord: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/ta.po b/po/ta.po index 374514d15..7e9305a1f 100644 --- a/po/ta.po +++ b/po/ta.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Tamil \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/tr.po b/po/tr.po index d8123b0c7..2876a8142 100644 --- a/po/tr.po +++ b/po/tr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/uk.po b/po/uk.po index fa368de03..f228bd650 100644 --- a/po/uk.po +++ b/po/uk.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:11+0000\n" "Last-Translator: Yuri Chornoivan \n" "Language-Team: Ukrainian \n" @@ -84,7 +84,7 @@ msgstr "Тривалість часу очікування на дані кеш msgid "Entry cache background update timeout length (seconds)" msgstr "Час очікування на фонове оновлення кешу записів (у секундах)" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "Від’ємний час очікування на дані з кешу (у секундах)" @@ -162,304 +162,338 @@ msgstr "" "днем, коли завершиться строк дії пароля" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +#, fuzzy +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" +"Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для " +"запитів PAM" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "Служба профілів" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "Служба розпізнавання" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "Служба керування доступом" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "Служба зміни паролів" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "Служба профілів" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "Служба розпізнавання" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "Служба керування доступом" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "Служба профілів" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "Мін. ідентифікатор користувача" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "Макс. ідентифікатор користувача" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "Увімкнути нумерацію всіх користувачів/груп" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "Кешувати реєстраційні дані для автономного входу" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "Зберігати хеші паролів" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "Показувати записи користувачів/груп повністю" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "Тривалість кешування записів (у секундах)" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" "Обмежити або надавати перевагу певному сімейству адрес під час виконання " "пошуків DNS" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" "Тривалість зберігання кешованих записів після останнього успішного входу (у " "днях)" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" "Тривалість очікування на відповідь від DNS під час визначення адрес серверів " "(у секундах)" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "Частина запиту щодо виявлення служби DNS, пов’язана з доменом" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" "Замінити значення ідентифікатора групи від надавача профілю цим значенням" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "Враховувати регістр у іменах користувачів" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "Домен IPA" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "Адреса сервера IPA" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "Назва вузла клієнта IPA" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" "Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у " "FreeIPA" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" "Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "Шукати у базі об’єкти, пов’язані з HBAC" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" "Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "Якщо вказано правила DENY, DENY_ALL або IGNORE" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" "Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде " "проігноровано" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Адреса сервера Kerberos" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "Область Kerberos" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "Час очікування на розпізнавання" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "Каталог, де зберігатиметься кеш реєстраційних даних" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "Адреса кешу реєстраційних даних користувача" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "Адреса таблиці ключів для перевірки реєстраційних даних" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "Увімкнути перевірку реєстраційних даних" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "Поновлюваний строк дії TGT" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "Строк дії TGT" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "Граничний час між двома перевірками для поновлення" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "Вмикає FAST" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "Визначає реєстраційний запис, який слід використовувати для FAST" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "Вмикає перетворення реєстраційних записів у канонічну форму" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться " "виявити у KDC" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "ldap_uri, адреса URI сервера LDAP" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "Типова базова назва домену" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "Тип схеми, використаний на сервері LDAP, rfc2307" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "Типова назва домену прив’язки" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "Тип розпізнавання для типової назви сервера прив’язки" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "Лексема розпізнавання типової назви сервера прив’язки" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "Проміжок часу між спробами встановлення з’єднання" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" "Проміжок часу між повторними спробами встановлення з’єднання у автономному " "режимі" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "Використовувати для назв областей лише великі літери" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "Файл, що містить сертифікати CA" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "Шлях до каталогу сертифікатів CA" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "Файл, що містить клієнтський сертифікат" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "Файл, що містить клієнтський ключ" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "Показати список можливих інструментів шифрування" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "Потрібна перевірка сертифіката TLS" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "Вкажіть механізм SASL, який слід використовувати" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "Вкажіть область уповноваження SASL, яку слід використовувати" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "Таблиця ключів служби Kerberos" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "Розпізнавання Kerberos для з’єднання LDAP" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "Переходити за посиланнями LDAP" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "Строк дії TGT для з’єднання LDAP" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "Спосіб розіменування псевдонімів" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "Назва служби для пошуків за допомогою служби DNS" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" "Кількість учасників, яких має не вистачати для вмикання повного скасування " "посилань" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" @@ -467,407 +501,539 @@ msgstr "" "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою " "переведення назв вузлів у канонічну форму під час прив’язки до SASL" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "Атрибут entryUSN" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "Атрибут lastUSN" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "Тривалість очікування на дані запиту пошуку" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "Тривалість очікування на дані запиту щодо переліку" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "Проміжок часу між оновленнями нумерації" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "Проміжок часу між спорожненнями кешу" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "Вимагати TLS для пошуків ідентифікаторів" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "Базова назва домену для пошуків користувачів" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "Діапазон пошуків користувачів" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "Фільтр пошуку користувачів" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "Клас об’єктів для користувачів" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "Атрибут імені користувача" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "Атрибут UID" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "Головний атрибут GID" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "Атрибут GECOS" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "Атрибут домашнього каталогу" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "Атрибут оболонки" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "Атрибут UUID" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "Атрибут реєстраційного запису користувача (для Kerberos)" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "Повне ім'я" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "Атрибут memberOf" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "Атрибут часу зміни" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "Атрибут shadowLastChange" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "Атрибут shadowMin" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "Атрибут shadowMax" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "Атрибут shadowWarning" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "Атрибут shadowInactive" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "Атрибут shadowExpire" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "Атрибут shadowFlag" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "Атрибути зі списком уповноважених служб PAM" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "Атрибути зі списком уповноважених серверних вузлів" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "Атрибут krbLastPwdChange" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "Атрибут krbPasswordExpiration" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "Атрибут accountExpires AD" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "Атрибут userAccountControl AD" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "Атрибут nsAccountLock" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "Атрибут loginDisabled NDS" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "Атрибут loginExpirationTime NDS" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "Атрибут loginAllowedTimeMap NDS" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +#, fuzzy +msgid "SSH public key attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "Базова назва домену для пошуків груп" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "Клас об’єктів для груп" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "Назва групи" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "Пароль групи" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "Атрибут GID" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "Атрибут членства у групі" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "Атрибут UUID групи" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "Атрибут часу зміни для груп" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "Базова назва домену для пошуків груп у мережі" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "Клас об’єктів для груп у мережі" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "Назва мережевої групи" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "Атрибут членства у групах у мережі" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "Атрибут трійки груп у мережі" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "Атрибут UUID груп у мережі" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "Атрибут часу зміни для мережевих груп" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +#, fuzzy +msgid "Base DN for service lookups" +msgstr "Базова назва домену для пошуків користувачів" + +#: src/config/SSSDConfig.py:249 +#, fuzzy +msgid "Objectclass for services" +msgstr "Клас об’єктів для користувачів" + +#: src/config/SSSDConfig.py:250 +#, fuzzy +msgid "Service name attribute" +msgstr "Атрибут імені користувача" + +#: src/config/SSSDConfig.py:251 +#, fuzzy +msgid "Service port attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:252 +#, fuzzy +msgid "Service protocol attribute" +msgstr "Атрибут оболонки" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "Правила оцінки завершення строку дії пароля" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "Фільтр LDAP для визначення прав доступу" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" "Атрибути які слід використовувати для визначення чинності облікового запису" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" "Правила, які має бути використано для визначення достатності прав доступу" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "Назва у службі DNS сервера зміни паролів LDAP" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +#, fuzzy +msgid "Base DN for sudo rules lookups" +msgstr "Базова назва домену для пошуків користувачів" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "Проміжок часу між оновленнями нумерації" + +#: src/config/SSSDConfig.py:271 +#, fuzzy +msgid "Object class for sudo rules" +msgstr "Клас об’єктів для користувачів" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +#, fuzzy +msgid "Sudo rule command attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:274 +#, fuzzy +msgid "Sudo rule host attribute" +msgstr "Атрибут lastUSN" + +#: src/config/SSSDConfig.py:275 +#, fuzzy +msgid "Sudo rule user attribute" +msgstr "Атрибут членства у групі" + +#: src/config/SSSDConfig.py:276 +#, fuzzy +msgid "Sudo rule option attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:277 +#, fuzzy +msgid "Sudo rule runasuser attribute" +msgstr "Атрибут імені користувача" + +#: src/config/SSSDConfig.py:278 +#, fuzzy +msgid "Sudo rule runasgroup attribute" +msgstr "Атрибут UUID груп у мережі" + +#: src/config/SSSDConfig.py:279 +#, fuzzy +msgid "Sudo rule notbefore attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:280 +#, fuzzy +msgid "Sudo rule notafter attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:281 +#, fuzzy +msgid "Sudo rule order attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:284 +#, fuzzy +msgid "Object class for automounter maps" +msgstr "Клас об’єктів для користувачів" + +#: src/config/SSSDConfig.py:285 +#, fuzzy +msgid "Automounter map name attribute" +msgstr "Атрибут імені користувача" + +#: src/config/SSSDConfig.py:286 +#, fuzzy +msgid "Object class for automounter map entries" +msgstr "Клас об’єктів для користувачів" + +#: src/config/SSSDConfig.py:287 +#, fuzzy +msgid "Automounter map entry key attribute" +msgstr "Атрибут домашнього каталогу" + +#: src/config/SSSDConfig.py:288 +#, fuzzy +msgid "Automounter map entry value attribute" +msgstr "Атрибут трійки груп у мережі" + +#: src/config/SSSDConfig.py:289 +#, fuzzy +msgid "Base DN for automonter map lookups" +msgstr "Базова назва домену для пошуків користувачів" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "Відокремлений комами список дозволених користувачів" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "Відокремлений комами список заборонених користувачів" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "Типова оболонка, /bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "Базова адреса домашніх каталогів" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "Назва бібліотеки NSS, яку слід використовувати" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "Стек PAM, який слід використовувати" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "Запуститися фонову службу (типова поведінка)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "Запустити у інтерактивному режимі (без фонової служби)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "Вказати нетиповий файл налаштувань" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "Вивести номер версії і завершити роботу" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "Рівень зневаджування" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "Додавати діагностичні часові позначки" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "Показувати мікросекунди у часових позначках" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "Дескриптор відкритого файла для запису журналів діагностики" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "Домен надання відомостей (обов’язковий)" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "У привілейованого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "У відкритого сокета помилковий власник або права доступу." -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера." -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "SSSD запущено не від імені користувача root." -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "Сталася помилка, але не вдалося знайти її опису." -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "Неочікувана помилка під час пошуку опису помилки" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "Паролі не збігаються" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "Підтримки скидання пароля користувачем root не передбачено." -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "Розпізнано за реєстраційними даними з кешу" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ", строк дії вашого кешованого пароля завершиться: " -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "Строк дії вашого пароля вичерпано. Залишилося %d резервних входи." -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "Строк дії вашого пароля завершиться за %d %s." -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "Розпізнавання заборонено до: " -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "Система працює у автономному режимі, зміна пароля неможлива" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "Спроба зміни пароля зазнала невдачі. " -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "Повідомлення сервера: " -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "Новий пароль: " -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "Ще раз введіть новий пароль: " -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "Пароль: " -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "Поточний пароль: " -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "Строк дії пароля вичерпано. Змініть ваш пароль." diff --git a/po/vi.po b/po/vi.po index 717bf8e90..035dde191 100644 --- a/po/vi.po +++ b/po/vi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index 5b63d389b..a4b371411 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-11-30 04:10+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/" @@ -80,7 +80,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -146,687 +146,822 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 -msgid "Identity provider" +msgid "Whether to evaluate the time-based attributes in sudo rules" msgstr "" #: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 +msgid "Identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +msgid "SUDO provider" +msgstr "" + +#: src/config/SSSDConfig.py:89 +msgid "Autofs provider" +msgstr "" + +#: src/config/SSSDConfig.py:90 +msgid "Session-loading provider" +msgstr "" + +#: src/config/SSSDConfig.py:91 +msgid "Host identity provider" +msgstr "" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +msgid "Length of time between rules updates" +msgstr "" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr "" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "" diff --git a/po/zh_TW.po b/po/zh_TW.po index 3ba1c5bb2..391427516 100644 --- a/po/zh_TW.po +++ b/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n" -"POT-Creation-Date: 2011-12-22 13:38-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:10+0000\n" "Last-Translator: sgallagh \n" "Language-Team: Chinese (Taiwan) \n" @@ -79,7 +79,7 @@ msgstr "" msgid "Entry cache background update timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:58 +#: src/config/SSSDConfig.py:58 src/config/SSSDConfig.py:81 msgid "Negative cache timeout length (seconds)" msgstr "" @@ -145,687 +145,827 @@ msgid "How many days before password expiration a warning should be displayed" msgstr "" #: src/config/SSSDConfig.py:77 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:78 +msgid "" +"How many seconds to keep sudorules cached before asking the provider again" +msgstr "" + +#: src/config/SSSDConfig.py:84 msgid "Identity provider" msgstr "身分提供者" -#: src/config/SSSDConfig.py:78 +#: src/config/SSSDConfig.py:85 msgid "Authentication provider" msgstr "認證提供者" -#: src/config/SSSDConfig.py:79 +#: src/config/SSSDConfig.py:86 msgid "Access control provider" msgstr "存取控制提供者" -#: src/config/SSSDConfig.py:80 +#: src/config/SSSDConfig.py:87 msgid "Password change provider" msgstr "密碼變更提供者" -#: src/config/SSSDConfig.py:83 +#: src/config/SSSDConfig.py:88 +#, fuzzy +msgid "SUDO provider" +msgstr "身分提供者" + +#: src/config/SSSDConfig.py:89 +#, fuzzy +msgid "Autofs provider" +msgstr "認證提供者" + +#: src/config/SSSDConfig.py:90 +#, fuzzy +msgid "Session-loading provider" +msgstr "存取控制提供者" + +#: src/config/SSSDConfig.py:91 +#, fuzzy +msgid "Host identity provider" +msgstr "身分提供者" + +#: src/config/SSSDConfig.py:94 msgid "Minimum user ID" msgstr "最小的使用者 ID" -#: src/config/SSSDConfig.py:84 +#: src/config/SSSDConfig.py:95 msgid "Maximum user ID" msgstr "最大的使用者 ID" -#: src/config/SSSDConfig.py:85 +#: src/config/SSSDConfig.py:96 msgid "Enable enumerating all users/groups" msgstr "啟用所有使用者或群組的列舉" -#: src/config/SSSDConfig.py:86 +#: src/config/SSSDConfig.py:97 msgid "Cache credentials for offline login" msgstr "供離線登入使用的快取憑證" -#: src/config/SSSDConfig.py:87 +#: src/config/SSSDConfig.py:98 msgid "Store password hashes" msgstr "" -#: src/config/SSSDConfig.py:88 +#: src/config/SSSDConfig.py:99 msgid "Display users/groups in fully-qualified form" msgstr "" -#: src/config/SSSDConfig.py:89 +#: src/config/SSSDConfig.py:100 src/config/SSSDConfig.py:107 +#: src/config/SSSDConfig.py:108 src/config/SSSDConfig.py:109 +#: src/config/SSSDConfig.py:110 src/config/SSSDConfig.py:111 msgid "Entry cache timeout length (seconds)" msgstr "" -#: src/config/SSSDConfig.py:90 +#: src/config/SSSDConfig.py:101 msgid "" "Restrict or prefer a specific address family when performing DNS lookups" msgstr "" -#: src/config/SSSDConfig.py:91 +#: src/config/SSSDConfig.py:102 msgid "How long to keep cached entries after last successful login (days)" msgstr "" -#: src/config/SSSDConfig.py:92 +#: src/config/SSSDConfig.py:103 msgid "How long to wait for replies from DNS when resolving servers (seconds)" msgstr "" -#: src/config/SSSDConfig.py:93 +#: src/config/SSSDConfig.py:104 msgid "The domain part of service discovery DNS query" msgstr "" -#: src/config/SSSDConfig.py:94 +#: src/config/SSSDConfig.py:105 msgid "Override GID value from the identity provider with this value" msgstr "" -#: src/config/SSSDConfig.py:95 +#: src/config/SSSDConfig.py:106 msgid "Treat usernames as case sensitive" msgstr "" -#: src/config/SSSDConfig.py:98 +#: src/config/SSSDConfig.py:114 msgid "IPA domain" msgstr "IPA 網域" -#: src/config/SSSDConfig.py:99 +#: src/config/SSSDConfig.py:115 msgid "IPA server address" msgstr "IPA 伺服器位址" -#: src/config/SSSDConfig.py:100 +#: src/config/SSSDConfig.py:116 msgid "IPA client hostname" msgstr "IPA 客戶端主機名稱" -#: src/config/SSSDConfig.py:101 +#: src/config/SSSDConfig.py:117 msgid "Whether to automatically update the client's DNS entry in FreeIPA" msgstr "" -#: src/config/SSSDConfig.py:102 +#: src/config/SSSDConfig.py:118 msgid "The interface whose IP should be used for dynamic DNS updates" msgstr "" -#: src/config/SSSDConfig.py:103 +#: src/config/SSSDConfig.py:119 msgid "Search base for HBAC related objects" msgstr "" -#: src/config/SSSDConfig.py:104 +#: src/config/SSSDConfig.py:120 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server" msgstr "" -#: src/config/SSSDConfig.py:105 +#: src/config/SSSDConfig.py:121 msgid "If DENY rules are present, either DENY_ALL or IGNORE" msgstr "" -#: src/config/SSSDConfig.py:106 +#: src/config/SSSDConfig.py:122 msgid "If set to false, host argument given by PAM will be ignored" msgstr "" -#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110 +#: src/config/SSSDConfig.py:125 src/config/SSSDConfig.py:126 msgid "Kerberos server address" msgstr "Kerberos 伺服器位址" -#: src/config/SSSDConfig.py:111 +#: src/config/SSSDConfig.py:127 msgid "Kerberos realm" msgstr "" -#: src/config/SSSDConfig.py:112 +#: src/config/SSSDConfig.py:128 msgid "Authentication timeout" msgstr "認證逾時" -#: src/config/SSSDConfig.py:115 +#: src/config/SSSDConfig.py:131 msgid "Directory to store credential caches" msgstr "儲存憑證快取的目錄" -#: src/config/SSSDConfig.py:116 +#: src/config/SSSDConfig.py:132 msgid "Location of the user's credential cache" msgstr "使用者憑證快取的位置" -#: src/config/SSSDConfig.py:117 +#: src/config/SSSDConfig.py:133 msgid "Location of the keytab to validate credentials" msgstr "驗證憑證用的金鑰表格位置" -#: src/config/SSSDConfig.py:118 +#: src/config/SSSDConfig.py:134 msgid "Enable credential validation" msgstr "啟用憑證驗證" -#: src/config/SSSDConfig.py:119 +#: src/config/SSSDConfig.py:135 msgid "Store password if offline for later online authentication" msgstr "" -#: src/config/SSSDConfig.py:120 +#: src/config/SSSDConfig.py:136 msgid "Renewable lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:121 +#: src/config/SSSDConfig.py:137 msgid "Lifetime of the TGT" msgstr "" -#: src/config/SSSDConfig.py:122 +#: src/config/SSSDConfig.py:138 msgid "Time between two checks for renewal" msgstr "" -#: src/config/SSSDConfig.py:123 +#: src/config/SSSDConfig.py:139 msgid "Enables FAST" msgstr "" -#: src/config/SSSDConfig.py:124 +#: src/config/SSSDConfig.py:140 msgid "Selects the principal to use for FAST" msgstr "" -#: src/config/SSSDConfig.py:125 +#: src/config/SSSDConfig.py:141 msgid "Enables principal canonicalization" msgstr "" -#: src/config/SSSDConfig.py:128 +#: src/config/SSSDConfig.py:144 msgid "Server where the change password service is running if not on the KDC" msgstr "" -#: src/config/SSSDConfig.py:131 +#: src/config/SSSDConfig.py:147 msgid "ldap_uri, The URI of the LDAP server" msgstr "" -#: src/config/SSSDConfig.py:132 +#: src/config/SSSDConfig.py:148 msgid "The default base DN" msgstr "" -#: src/config/SSSDConfig.py:133 +#: src/config/SSSDConfig.py:149 msgid "The Schema Type in use on the LDAP server, rfc2307" msgstr "" -#: src/config/SSSDConfig.py:134 +#: src/config/SSSDConfig.py:150 msgid "The default bind DN" msgstr "" -#: src/config/SSSDConfig.py:135 +#: src/config/SSSDConfig.py:151 msgid "The type of the authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:136 +#: src/config/SSSDConfig.py:152 msgid "The authentication token of the default bind DN" msgstr "" -#: src/config/SSSDConfig.py:137 +#: src/config/SSSDConfig.py:153 msgid "Length of time to attempt connection" msgstr "" -#: src/config/SSSDConfig.py:138 +#: src/config/SSSDConfig.py:154 msgid "Length of time to attempt synchronous LDAP operations" msgstr "" -#: src/config/SSSDConfig.py:139 +#: src/config/SSSDConfig.py:155 msgid "Length of time between attempts to reconnect while offline" msgstr "" -#: src/config/SSSDConfig.py:140 +#: src/config/SSSDConfig.py:156 msgid "Use only the upper case for realm names" msgstr "" -#: src/config/SSSDConfig.py:141 +#: src/config/SSSDConfig.py:157 msgid "File that contains CA certificates" msgstr "" -#: src/config/SSSDConfig.py:142 +#: src/config/SSSDConfig.py:158 msgid "Path to CA certificate directory" msgstr "" -#: src/config/SSSDConfig.py:143 +#: src/config/SSSDConfig.py:159 msgid "File that contains the client certificate" msgstr "" -#: src/config/SSSDConfig.py:144 +#: src/config/SSSDConfig.py:160 msgid "File that contains the client key" msgstr "" -#: src/config/SSSDConfig.py:145 +#: src/config/SSSDConfig.py:161 msgid "List of possible ciphers suites" msgstr "" -#: src/config/SSSDConfig.py:146 +#: src/config/SSSDConfig.py:162 msgid "Require TLS certificate verification" msgstr "需要 TLS 憑證驗證" -#: src/config/SSSDConfig.py:147 +#: src/config/SSSDConfig.py:163 msgid "Specify the sasl mechanism to use" msgstr "指定要使用的 sasl 機制" -#: src/config/SSSDConfig.py:148 +#: src/config/SSSDConfig.py:164 msgid "Specify the sasl authorization id to use" msgstr "指定要使用的 sasl 認證 id" -#: src/config/SSSDConfig.py:149 +#: src/config/SSSDConfig.py:165 msgid "Specify the sasl authorization realm to use" msgstr "" -#: src/config/SSSDConfig.py:150 +#: src/config/SSSDConfig.py:166 msgid "Specify the minimal SSF for LDAP sasl authorization" msgstr "" -#: src/config/SSSDConfig.py:151 +#: src/config/SSSDConfig.py:167 msgid "Kerberos service keytab" msgstr "" -#: src/config/SSSDConfig.py:152 +#: src/config/SSSDConfig.py:168 msgid "Use Kerberos auth for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:153 +#: src/config/SSSDConfig.py:169 msgid "Follow LDAP referrals" msgstr "" -#: src/config/SSSDConfig.py:154 +#: src/config/SSSDConfig.py:170 msgid "Lifetime of TGT for LDAP connection" msgstr "" -#: src/config/SSSDConfig.py:155 +#: src/config/SSSDConfig.py:171 msgid "How to dereference aliases" msgstr "" -#: src/config/SSSDConfig.py:156 +#: src/config/SSSDConfig.py:172 msgid "Service name for DNS service lookups" msgstr "" -#: src/config/SSSDConfig.py:157 +#: src/config/SSSDConfig.py:173 msgid "The number of records to retrieve in a single LDAP query" msgstr "" -#: src/config/SSSDConfig.py:158 +#: src/config/SSSDConfig.py:174 msgid "The number of members that must be missing to trigger a full deref" msgstr "" -#: src/config/SSSDConfig.py:159 +#: src/config/SSSDConfig.py:175 msgid "" "Whether the LDAP library should perform a reverse lookup to canonicalize the " "host name during a SASL bind" msgstr "" -#: src/config/SSSDConfig.py:161 +#: src/config/SSSDConfig.py:177 msgid "entryUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:162 +#: src/config/SSSDConfig.py:178 msgid "lastUSN attribute" msgstr "" -#: src/config/SSSDConfig.py:164 +#: src/config/SSSDConfig.py:180 msgid "How long to retain a connection to the LDAP server before disconnecting" msgstr "" -#: src/config/SSSDConfig.py:167 +#: src/config/SSSDConfig.py:182 +msgid "Disable the LDAP paging control" +msgstr "" + +#: src/config/SSSDConfig.py:185 msgid "Length of time to wait for a search request" msgstr "搜尋請求的等候時間長度" -#: src/config/SSSDConfig.py:168 +#: src/config/SSSDConfig.py:186 msgid "Length of time to wait for a enumeration request" msgstr "" -#: src/config/SSSDConfig.py:169 +#: src/config/SSSDConfig.py:187 msgid "Length of time between enumeration updates" msgstr "" -#: src/config/SSSDConfig.py:170 +#: src/config/SSSDConfig.py:188 msgid "Length of time between cache cleanups" msgstr "" -#: src/config/SSSDConfig.py:171 +#: src/config/SSSDConfig.py:189 msgid "Require TLS for ID lookups" msgstr "" -#: src/config/SSSDConfig.py:172 +#: src/config/SSSDConfig.py:190 msgid "Base DN for user lookups" msgstr "" -#: src/config/SSSDConfig.py:173 +#: src/config/SSSDConfig.py:191 msgid "Scope of user lookups" msgstr "" -#: src/config/SSSDConfig.py:174 +#: src/config/SSSDConfig.py:192 msgid "Filter for user lookups" msgstr "" -#: src/config/SSSDConfig.py:175 +#: src/config/SSSDConfig.py:193 msgid "Objectclass for users" msgstr "" -#: src/config/SSSDConfig.py:176 +#: src/config/SSSDConfig.py:194 msgid "Username attribute" msgstr "" -#: src/config/SSSDConfig.py:178 +#: src/config/SSSDConfig.py:196 msgid "UID attribute" msgstr "" -#: src/config/SSSDConfig.py:179 +#: src/config/SSSDConfig.py:197 msgid "Primary GID attribute" msgstr "" -#: src/config/SSSDConfig.py:180 +#: src/config/SSSDConfig.py:198 msgid "GECOS attribute" msgstr "" -#: src/config/SSSDConfig.py:181 +#: src/config/SSSDConfig.py:199 msgid "Home directory attribute" msgstr "" -#: src/config/SSSDConfig.py:182 +#: src/config/SSSDConfig.py:200 msgid "Shell attribute" msgstr "" -#: src/config/SSSDConfig.py:183 +#: src/config/SSSDConfig.py:201 msgid "UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:184 +#: src/config/SSSDConfig.py:202 msgid "User principal attribute (for Kerberos)" msgstr "" -#: src/config/SSSDConfig.py:185 +#: src/config/SSSDConfig.py:203 msgid "Full Name" msgstr "全名" -#: src/config/SSSDConfig.py:186 +#: src/config/SSSDConfig.py:204 msgid "memberOf attribute" msgstr "" -#: src/config/SSSDConfig.py:187 +#: src/config/SSSDConfig.py:205 msgid "Modification time attribute" msgstr "" -#: src/config/SSSDConfig.py:189 +#: src/config/SSSDConfig.py:207 msgid "shadowLastChange attribute" msgstr "" -#: src/config/SSSDConfig.py:190 +#: src/config/SSSDConfig.py:208 msgid "shadowMin attribute" msgstr "" -#: src/config/SSSDConfig.py:191 +#: src/config/SSSDConfig.py:209 msgid "shadowMax attribute" msgstr "" -#: src/config/SSSDConfig.py:192 +#: src/config/SSSDConfig.py:210 msgid "shadowWarning attribute" msgstr "" -#: src/config/SSSDConfig.py:193 +#: src/config/SSSDConfig.py:211 msgid "shadowInactive attribute" msgstr "" -#: src/config/SSSDConfig.py:194 +#: src/config/SSSDConfig.py:212 msgid "shadowExpire attribute" msgstr "" -#: src/config/SSSDConfig.py:195 +#: src/config/SSSDConfig.py:213 msgid "shadowFlag attribute" msgstr "" -#: src/config/SSSDConfig.py:196 +#: src/config/SSSDConfig.py:214 msgid "Attribute listing authorized PAM services" msgstr "" -#: src/config/SSSDConfig.py:197 +#: src/config/SSSDConfig.py:215 msgid "Attribute listing authorized server hosts" msgstr "" -#: src/config/SSSDConfig.py:198 +#: src/config/SSSDConfig.py:216 msgid "krbLastPwdChange attribute" msgstr "" -#: src/config/SSSDConfig.py:199 +#: src/config/SSSDConfig.py:217 msgid "krbPasswordExpiration attribute" msgstr "" -#: src/config/SSSDConfig.py:200 +#: src/config/SSSDConfig.py:218 msgid "Attribute indicating that server side password policies are active" msgstr "" -#: src/config/SSSDConfig.py:201 +#: src/config/SSSDConfig.py:219 msgid "accountExpires attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:202 +#: src/config/SSSDConfig.py:220 msgid "userAccountControl attribute of AD" msgstr "" -#: src/config/SSSDConfig.py:203 +#: src/config/SSSDConfig.py:221 msgid "nsAccountLock attribute" msgstr "" -#: src/config/SSSDConfig.py:204 +#: src/config/SSSDConfig.py:222 msgid "loginDisabled attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:205 +#: src/config/SSSDConfig.py:223 msgid "loginExpirationTime attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:206 +#: src/config/SSSDConfig.py:224 msgid "loginAllowedTimeMap attribute of NDS" msgstr "" -#: src/config/SSSDConfig.py:208 +#: src/config/SSSDConfig.py:225 +msgid "SSH public key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:227 msgid "Base DN for group lookups" msgstr "" -#: src/config/SSSDConfig.py:211 +#: src/config/SSSDConfig.py:230 msgid "Objectclass for groups" msgstr "" -#: src/config/SSSDConfig.py:212 +#: src/config/SSSDConfig.py:231 msgid "Group name" msgstr "" -#: src/config/SSSDConfig.py:213 +#: src/config/SSSDConfig.py:232 msgid "Group password" msgstr "" -#: src/config/SSSDConfig.py:214 +#: src/config/SSSDConfig.py:233 msgid "GID attribute" msgstr "" -#: src/config/SSSDConfig.py:215 +#: src/config/SSSDConfig.py:234 msgid "Group member attribute" msgstr "" -#: src/config/SSSDConfig.py:216 +#: src/config/SSSDConfig.py:235 msgid "Group UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:217 +#: src/config/SSSDConfig.py:236 msgid "Modification time attribute for groups" msgstr "" -#: src/config/SSSDConfig.py:219 +#: src/config/SSSDConfig.py:238 msgid "Maximum nesting level SSSd will follow" msgstr "" -#: src/config/SSSDConfig.py:221 +#: src/config/SSSDConfig.py:240 msgid "Base DN for netgroup lookups" msgstr "" -#: src/config/SSSDConfig.py:222 +#: src/config/SSSDConfig.py:241 msgid "Objectclass for netgroups" msgstr "" -#: src/config/SSSDConfig.py:223 +#: src/config/SSSDConfig.py:242 msgid "Netgroup name" msgstr "" -#: src/config/SSSDConfig.py:224 +#: src/config/SSSDConfig.py:243 msgid "Netgroups members attribute" msgstr "" -#: src/config/SSSDConfig.py:225 +#: src/config/SSSDConfig.py:244 msgid "Netgroup triple attribute" msgstr "" -#: src/config/SSSDConfig.py:226 +#: src/config/SSSDConfig.py:245 msgid "Netgroup UUID attribute" msgstr "" -#: src/config/SSSDConfig.py:227 +#: src/config/SSSDConfig.py:246 msgid "Modification time attribute for netgroups" msgstr "" -#: src/config/SSSDConfig.py:230 +#: src/config/SSSDConfig.py:248 +msgid "Base DN for service lookups" +msgstr "" + +#: src/config/SSSDConfig.py:249 +msgid "Objectclass for services" +msgstr "" + +#: src/config/SSSDConfig.py:250 +msgid "Service name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:251 +msgid "Service port attribute" +msgstr "" + +#: src/config/SSSDConfig.py:252 +msgid "Service protocol attribute" +msgstr "" + +#: src/config/SSSDConfig.py:256 msgid "Policy to evaluate the password expiration" msgstr "評估密碼過期時效的策略" -#: src/config/SSSDConfig.py:233 +#: src/config/SSSDConfig.py:259 msgid "LDAP filter to determine access privileges" msgstr "" -#: src/config/SSSDConfig.py:234 +#: src/config/SSSDConfig.py:260 msgid "Which attributes shall be used to evaluate if an account is expired" msgstr "" -#: src/config/SSSDConfig.py:235 +#: src/config/SSSDConfig.py:261 msgid "Which rules should be used to evaluate access control" msgstr "" -#: src/config/SSSDConfig.py:238 +#: src/config/SSSDConfig.py:264 msgid "URI of an LDAP server where password changes are allowed" msgstr "" -#: src/config/SSSDConfig.py:239 +#: src/config/SSSDConfig.py:265 msgid "DNS service name for LDAP password change server" msgstr "" -#: src/config/SSSDConfig.py:242 +#: src/config/SSSDConfig.py:268 +msgid "Base DN for sudo rules lookups" +msgstr "" + +#: src/config/SSSDConfig.py:269 +msgid "Enable periodical update of all sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:270 +#, fuzzy +msgid "Length of time between rules updates" +msgstr "搜尋請求的等候時間長度" + +#: src/config/SSSDConfig.py:271 +msgid "Object class for sudo rules" +msgstr "" + +#: src/config/SSSDConfig.py:272 +msgid "Sudo rule name" +msgstr "" + +#: src/config/SSSDConfig.py:273 +msgid "Sudo rule command attribute" +msgstr "" + +#: src/config/SSSDConfig.py:274 +msgid "Sudo rule host attribute" +msgstr "" + +#: src/config/SSSDConfig.py:275 +msgid "Sudo rule user attribute" +msgstr "" + +#: src/config/SSSDConfig.py:276 +msgid "Sudo rule option attribute" +msgstr "" + +#: src/config/SSSDConfig.py:277 +msgid "Sudo rule runasuser attribute" +msgstr "" + +#: src/config/SSSDConfig.py:278 +msgid "Sudo rule runasgroup attribute" +msgstr "" + +#: src/config/SSSDConfig.py:279 +msgid "Sudo rule notbefore attribute" +msgstr "" + +#: src/config/SSSDConfig.py:280 +msgid "Sudo rule notafter attribute" +msgstr "" + +#: src/config/SSSDConfig.py:281 +msgid "Sudo rule order attribute" +msgstr "" + +#: src/config/SSSDConfig.py:284 +msgid "Object class for automounter maps" +msgstr "" + +#: src/config/SSSDConfig.py:285 +msgid "Automounter map name attribute" +msgstr "" + +#: src/config/SSSDConfig.py:286 +msgid "Object class for automounter map entries" +msgstr "" + +#: src/config/SSSDConfig.py:287 +msgid "Automounter map entry key attribute" +msgstr "" + +#: src/config/SSSDConfig.py:288 +msgid "Automounter map entry value attribute" +msgstr "" + +#: src/config/SSSDConfig.py:289 +msgid "Base DN for automonter map lookups" +msgstr "" + +#: src/config/SSSDConfig.py:292 msgid "Comma separated list of allowed users" msgstr "許可的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig.py:243 +#: src/config/SSSDConfig.py:293 msgid "Comma separated list of prohibited users" msgstr "被禁止的使用者清單,請使用半形逗號作為分隔" -#: src/config/SSSDConfig.py:246 +#: src/config/SSSDConfig.py:296 msgid "Default shell, /bin/bash" msgstr "預設 shell,/bin/bash" -#: src/config/SSSDConfig.py:247 +#: src/config/SSSDConfig.py:297 msgid "Base for home directories" msgstr "" -#: src/config/SSSDConfig.py:250 +#: src/config/SSSDConfig.py:300 msgid "The name of the NSS library to use" msgstr "要使用的 NSS 函式庫名稱" -#: src/config/SSSDConfig.py:253 +#: src/config/SSSDConfig.py:303 msgid "PAM stack to use" msgstr "要使用的 PAM 堆疊" -#: src/monitor/monitor.c:2398 +#: src/monitor/monitor.c:2399 msgid "Become a daemon (default)" msgstr "作為幕後程式 (預設)" -#: src/monitor/monitor.c:2400 +#: src/monitor/monitor.c:2401 msgid "Run interactive (not a daemon)" msgstr "以互動方式執行 (非幕後程式)" -#: src/monitor/monitor.c:2402 +#: src/monitor/monitor.c:2403 msgid "Specify a non-default config file" msgstr "指定非預設的配置檔" -#: src/monitor/monitor.c:2404 +#: src/monitor/monitor.c:2405 msgid "Print version number and exit" msgstr "" -#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:373 +#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381 #: src/util/util.h:89 msgid "Debug level" msgstr "除錯層級" -#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:375 +#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383 #: src/util/util.h:93 msgid "Add debug timestamps" msgstr "加入除錯時間戳記" -#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:377 +#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385 #: src/util/util.h:95 msgid "Show timestamps with microseconds" msgstr "" -#: src/providers/krb5/krb5_child.c:1580 src/providers/ldap/ldap_child.c:379 +#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387 msgid "An open file descriptor for the debug logs" msgstr "" -#: src/providers/data_provider_be.c:1363 +#: src/providers/data_provider_be.c:1949 msgid "Domain of the information provider (mandatory)" msgstr "" -#: src/sss_client/common.c:839 +#: src/sss_client/common.c:878 msgid "Privileged socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:842 +#: src/sss_client/common.c:881 msgid "Public socket has wrong ownership or permissions." msgstr "" -#: src/sss_client/common.c:845 +#: src/sss_client/common.c:884 msgid "Unexpected format of the server credential message." msgstr "" -#: src/sss_client/common.c:848 +#: src/sss_client/common.c:887 msgid "SSSD is not run by root." msgstr "" -#: src/sss_client/common.c:853 +#: src/sss_client/common.c:892 msgid "An error occurred, but no description can be found." msgstr "" -#: src/sss_client/common.c:859 +#: src/sss_client/common.c:898 msgid "Unexpected error while looking for an error description" msgstr "" -#: src/sss_client/pam_sss.c:374 +#: src/sss_client/pam_sss.c:376 msgid "Passwords do not match" msgstr "密碼不相符" -#: src/sss_client/pam_sss.c:567 +#: src/sss_client/pam_sss.c:569 msgid "Password reset by root is not supported." msgstr "" -#: src/sss_client/pam_sss.c:608 +#: src/sss_client/pam_sss.c:610 msgid "Authenticated with cached credentials" msgstr "" -#: src/sss_client/pam_sss.c:609 +#: src/sss_client/pam_sss.c:611 msgid ", your cached password will expire at: " msgstr ",您快取的密碼將在此刻過期:" -#: src/sss_client/pam_sss.c:639 +#: src/sss_client/pam_sss.c:641 #, c-format msgid "Your password has expired. You have %d grace login(s) remaining." msgstr "" -#: src/sss_client/pam_sss.c:685 +#: src/sss_client/pam_sss.c:687 #, c-format msgid "Your password will expire in %d %s." msgstr "" -#: src/sss_client/pam_sss.c:734 +#: src/sss_client/pam_sss.c:736 msgid "Authentication is denied until: " msgstr "" -#: src/sss_client/pam_sss.c:755 +#: src/sss_client/pam_sss.c:757 msgid "System is offline, password change not possible" msgstr "系統已離線,不可能作密碼變更" -#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798 +#: src/sss_client/pam_sss.c:787 src/sss_client/pam_sss.c:800 msgid "Password change failed. " msgstr "密碼變更失敗。" -#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799 +#: src/sss_client/pam_sss.c:790 src/sss_client/pam_sss.c:801 msgid "Server message: " msgstr "伺服器訊息:" -#: src/sss_client/pam_sss.c:1217 +#: src/sss_client/pam_sss.c:1276 msgid "New Password: " msgstr "新密碼:" -#: src/sss_client/pam_sss.c:1218 +#: src/sss_client/pam_sss.c:1277 msgid "Reenter new Password: " msgstr "再次輸入新密碼:" -#: src/sss_client/pam_sss.c:1304 +#: src/sss_client/pam_sss.c:1363 msgid "Password: " msgstr "密碼:" -#: src/sss_client/pam_sss.c:1336 +#: src/sss_client/pam_sss.c:1395 msgid "Current Password: " msgstr "目前的密碼:" -#: src/sss_client/pam_sss.c:1483 +#: src/sss_client/pam_sss.c:1542 msgid "Password expired. Change your password now." msgstr "密碼已過期。請立刻變更您的密碼。" diff --git a/src/man/po/as.po b/src/man/po/as.po index 8e0856e59..179843e9b 100644 --- a/src/man/po/as.po +++ b/src/man/po/as.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/bn.po b/src/man/po/bn.po index 3148aa1a3..3a83e68ad 100644 --- a/src/man/po/bn.po +++ b/src/man/po/bn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Bengali <info@ankur.org.bd>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/bs.po b/src/man/po/bs.po index 8c8a0f48d..e55f3997f 100644 --- a/src/man/po/bs.po +++ b/src/man/po/bs.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Bosnian (http://www.transifex.net/projects/p/fedora/team/" @@ -107,9 +107,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -216,7 +216,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -245,33 +245,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -280,19 +281,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -300,7 +301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -308,19 +309,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -328,17 +329,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -347,7 +348,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -355,40 +356,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -406,12 +407,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -420,60 +421,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -482,45 +484,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -528,7 +530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -538,7 +540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -547,17 +549,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -565,17 +567,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -584,78 +586,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -663,138 +665,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -802,59 +804,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -862,7 +864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -871,17 +873,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -889,29 +891,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -920,56 +1001,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -979,14 +1060,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -995,44 +1076,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1041,47 +1176,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1090,19 +1225,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1110,7 +1245,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1118,30 +1253,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1149,17 +1284,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1168,24 +1303,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1193,7 +1328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1201,7 +1336,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1209,72 +1344,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1282,51 +1477,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1334,29 +1529,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1364,19 +1559,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1384,73 +1579,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1458,17 +1653,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1477,17 +1672,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1495,17 +1690,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1513,18 +1708,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1554,7 +1749,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1563,7 +1758,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1884,7 +2079,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1944,7 +2139,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1954,14 +2149,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2230,11 +2425,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2243,29 +2448,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2273,52 +2478,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2326,24 +2533,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2351,89 +2558,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2441,114 +2648,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2556,7 +2847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2564,17 +2855,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2582,17 +2873,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2603,12 +2894,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2616,12 +2907,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2630,48 +2921,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2680,7 +2999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2688,26 +3007,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2715,7 +3034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2723,7 +3042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2731,41 +3050,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2774,38 +3093,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2813,90 +3132,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2904,27 +3223,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2936,7 +3255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2944,7 +3263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2952,62 +3271,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3015,61 +3333,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3079,12 +3397,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3093,14 +3411,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3109,24 +3427,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3134,19 +3452,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3155,7 +3473,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3163,7 +3481,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3172,89 +3490,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3271,74 +3589,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3346,33 +3944,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3380,7 +4000,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3388,7 +4008,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3402,18 +4022,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3422,7 +4042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3876,73 +4496,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3950,12 +4605,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3963,17 +4618,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3982,144 +4637,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4127,7 +4936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4137,7 +4946,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/ca.po b/src/man/po/ca.po index 210cae26c..f0a20d9f6 100644 --- a/src/man/po/ca.po +++ b/src/man/po/ca.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Catalan <fedora@llistes.softcatala.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/cs.po b/src/man/po/cs.po index 2990d5727..845035434 100644 --- a/src/man/po/cs.po +++ b/src/man/po/cs.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Czech (http://www.transifex.net/projects/p/fedora/team/cs/)\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,358 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +#, fuzzy +#| msgid "OPTIONS" +msgid "SUDO OPTIONS" +msgstr "VOLBY" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +#, fuzzy +#| msgid "OPTIONS" +msgid "AUTOFS OPTIONS" +msgstr "VOLBY" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3947,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +4003,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4011,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4025,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4045,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3877,73 +4501,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3951,12 +4610,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3964,17 +4623,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3983,144 +4642,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4128,7 +4941,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4138,7 +4951,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/de.po b/src/man/po/de.po index 3a56aba88..959fcdf67 100644 --- a/src/man/po/de.po +++ b/src/man/po/de.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: German <trans-de@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/el.po b/src/man/po/el.po index 917d588fe..989dfa8b2 100644 --- a/src/man/po/el.po +++ b/src/man/po/el.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Greek <trans-el@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/es.po b/src/man/po/es.po index 4f1057cc7..3b32a9fb6 100644 --- a/src/man/po/es.po +++ b/src/man/po/es.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Spanish (Castilian) <trans-es@lists.fedoraproject.org>\n" @@ -120,9 +120,9 @@ msgstr "" "<replaceable>GROUPS</replaceable>" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -257,7 +257,7 @@ msgid "The [sssd] section" msgstr "La sección [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "Parámetros de sección" @@ -290,16 +290,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" -msgstr "Servicios soportados: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entero)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -308,17 +309,17 @@ msgstr "" "de datos del proveedor, o de reiniciarse antes de abandonar" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "Predeterminado: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "dominios" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -332,12 +333,12 @@ msgstr "" "consultados." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "re_expression (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." @@ -346,7 +347,7 @@ msgstr "" "nombre de usuariosy dominio en estos componentes." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -357,7 +358,7 @@ msgstr "" "el nombre, el dominio es el resto detrás de este signo\"" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -365,7 +366,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." @@ -374,12 +375,12 @@ msgstr "" "soportan la sintaxis Python (?P<name>) para identificar subpatrones." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "full_name_format (cadena)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -390,17 +391,17 @@ msgstr "" "traducir una tupla (nombre, dominio), a un nombre totalmente calificado." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Predeterminado: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "try_inotify (booleano)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -413,7 +414,7 @@ msgstr "" "segundos en caso que inotify no pueda ser utilizado." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -424,7 +425,7 @@ msgstr "" "'false' " #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." @@ -433,7 +434,7 @@ msgstr "" "en el resto de las plataformas." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." @@ -443,12 +444,12 @@ msgstr "" "utilizada siempre." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." @@ -457,14 +458,14 @@ msgstr "" "reproducción de cache de Kerberos." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -482,12 +483,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "SECCIONES DE SERVICIOS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -496,60 +497,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -558,45 +560,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -604,7 +606,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -614,7 +616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -623,17 +625,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -641,17 +643,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -660,78 +662,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -739,138 +741,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -878,59 +880,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -938,7 +940,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -947,17 +949,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -965,29 +967,112 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: 180" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +#, fuzzy +#| msgid "reconnection_retries (integer)" +msgid "autofs_negative_timeout (integer)" +msgstr "reconnection_retries (entero)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -996,56 +1081,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -1055,14 +1140,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1071,44 +1156,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1117,47 +1256,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1166,19 +1305,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1186,7 +1325,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1194,30 +1333,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1225,17 +1364,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1244,24 +1383,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1269,7 +1408,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1277,7 +1416,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1285,72 +1424,134 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +#, fuzzy +#| msgid "re_expression (string)" +msgid "session_provider (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1358,51 +1559,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1410,29 +1611,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1440,19 +1641,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1460,73 +1661,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1534,17 +1735,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1553,17 +1754,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1571,17 +1772,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1589,18 +1790,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1630,7 +1831,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1639,7 +1840,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1960,7 +2161,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -2020,7 +2221,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -2030,14 +2231,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2306,11 +2507,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2319,29 +2530,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2349,52 +2560,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2402,24 +2615,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2427,89 +2640,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2517,114 +2730,204 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ipService" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +#, fuzzy +#| msgid "full_name_format (string)" +msgid "ldap_service_port (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ldap_service_proto (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2632,7 +2935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2640,17 +2943,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2658,17 +2961,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2679,12 +2982,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2692,12 +2995,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2706,34 +3009,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1088 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1106 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2741,13 +3072,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1112 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2756,7 +3087,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2764,26 +3095,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2791,7 +3122,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2799,7 +3130,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2807,41 +3138,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2850,38 +3181,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2889,90 +3220,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2980,27 +3311,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3012,7 +3343,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3020,7 +3351,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3028,62 +3359,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 +#, fuzzy +#| msgid "" +#| "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +#| "manvolnum> </citerefentry>-compatible format that describes how to " +#| "translate a (name, domain) tuple into a fully qualified name." msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" +"Un formato compatible con <citerefentry> <refentrytitle>printf</" +"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> que describe cómo " +"traducir una tupla (nombre, dominio), a un nombre totalmente calificado." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3091,61 +3429,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3155,12 +3493,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3169,252 +3507,554 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 +msgid "" +"Offline caching for this feature is limited to determining whether the " +"user's last online login was granted access permission. If they were granted " +"access during their last login, they will continue to be granted access " +"while offline and vice-versa." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 +msgid "Default: Empty" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1518 +msgid "ldap_account_expire_policy (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1521 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1532 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1540 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1547 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1553 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1568 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1571 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1575 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1578 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1582 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1587 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1591 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1594 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1601 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1604 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1613 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1623 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1628 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1639 +#, fuzzy +#| msgid "OPTIONS" +msgid "SUDO OPTIONS" +msgstr "OPCIONES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoRole" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +#, fuzzy +#| msgid "full_name_format (string)" +msgid "ldap_sudorule_name (string)" +msgstr "full_name_format (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoCommand" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1685 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoHost" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1703 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoUser" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ldap_sudorule_option (string)" +msgstr "re_expression (cadena)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoOption" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 msgid "" -"Offline caching for this feature is limited to determining whether the " -"user's last online login was granted access permission. If they were granted " -"access during their last login, they will continue to be granted access " -"while offline and vice-versa." +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 -msgid "Default: Empty" +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 -msgid "ldap_account_expire_policy (string)" +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1738 msgid "" -"With this option a client side evaluation of access control attributes can " -"be enabled." +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 -msgid "" -"Please note that it is always recommended to use server side access control, " -"i.e. the LDAP server should deny the bind request with a suitable error code " -"even if the password is correct." +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 -msgid "The following values are allowed:" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1751 msgid "" -"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " -"determine if the account is expired." +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 -msgid "" -"<emphasis>ad</emphasis>: use the value of the 32bit field " -"ldap_user_ad_user_account_control and allow access if the second bit is not " -"set. If the attribute is missing access is granted. Also the expiration time " -"of the account is checked." +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1764 msgid "" -"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" -"emphasis>: use the value of ldap_ns_account_lock to check if access is " -"allowed or not." +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 -msgid "" -"<emphasis>nds</emphasis>: the values of " -"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " -"ldap_user_nds_login_expiration_time are used to check if access is allowed. " -"If both attributes are missing access is granted." +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 -msgid "ldap_access_order (string)" +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 -msgid "Comma separated list of access control options. Allowed values are:" +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 -msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +#: sssd-ldap.5.xml:1782 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoOrder" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 -msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1804 msgid "" -"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " -"to determine access" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 -msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 -msgid "Default: filter" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +#, fuzzy +#| msgid "OPTIONS" +msgid "AUTOFS OPTIONS" +msgstr "OPCIONES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 msgid "" -"Please note that it is a configuration error if a value is used more than " -"once." +"Please note that the default values correspond to the default schema which " +"is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 -msgid "ldap_deref (string)" +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 -msgid "" -"Specifies how alias dereferencing is done when performing a search. The " -"following options are allowed:" +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 -msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 -msgid "" -"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " -"the base object, but not in locating the base object of the search." +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 -msgid "" -"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " -"the base object of the search." +#: sssd-ldap.5.xml:1853 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ou" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 msgid "" -"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " -"in locating the base object of the search." +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 -msgid "" -"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " -"client libraries)" +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:1832 msgid "" -"All of the common configuration options that apply to SSSD domains also " -"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " -"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" -"manvolnum> </citerefentry> manual page for full details. <placeholder type=" -"\"variablelist\" id=\"0\"/>" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 +#: sssd-ldap.5.xml:1904 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 +#: sssd-ldap.5.xml:1911 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1914 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 -msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3422,33 +4062,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3456,7 +4118,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3464,7 +4126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3478,18 +4140,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3498,7 +4160,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3952,73 +4614,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -4026,12 +4723,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4039,17 +4736,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4058,144 +4755,302 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: seeAlso" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ipaUniqueID" +msgstr "Predeterminado: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4203,7 +5058,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4213,7 +5068,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -5565,3 +6420,6 @@ msgstr "" #: include/param_help.xml:7 msgid "Display help message and exit." msgstr "" + +#~ msgid "Supported services: nss, pam" +#~ msgstr "Servicios soportados: nss, pam" diff --git a/src/man/po/et.po b/src/man/po/et.po index 75ec9a851..03f4be964 100644 --- a/src/man/po/et.po +++ b/src/man/po/et.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/fa.po b/src/man/po/fa.po index 15377e477..de3a3f4dd 100644 --- a/src/man/po/fa.po +++ b/src/man/po/fa.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/fi.po b/src/man/po/fi.po index e7b8703d3..63d2e439a 100644 --- a/src/man/po/fi.po +++ b/src/man/po/fi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/fr.po b/src/man/po/fr.po index 0de32a368..9fdfaa398 100644 --- a/src/man/po/fr.po +++ b/src/man/po/fr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: French <trans-fr@lists.fedoraproject.org>\n" @@ -119,9 +119,9 @@ msgstr "" "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -251,7 +251,7 @@ msgid "The [sssd] section" msgstr "La section [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "Paramètres de section" @@ -283,16 +283,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" -msgstr "Services supportés : nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -301,17 +302,17 @@ msgstr "" "redémarrer dans le cas d'un plantage du « Data Provider » avant d'abandonner" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "Défaut : 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "domaines" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -324,12 +325,12 @@ msgstr "" "domaines dans l'ordre où vous voulez les appeler." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "re_expression (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." @@ -338,7 +339,7 @@ msgstr "" "contenant les informations utilisateur et les domaines vers les composants." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -349,7 +350,7 @@ msgstr "" "le domaine après »" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -361,7 +362,7 @@ msgstr "" "fonction." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." @@ -370,12 +371,12 @@ msgstr "" "syntaxe Python (?P<name>) pour nommer les sous-modèles." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "full_name_format (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -383,17 +384,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Défaut : <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "try_inotify (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -402,7 +403,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -412,7 +413,7 @@ msgstr "" "conseillée. Dans ces rares cas, cette option devrait être mise à « false »" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." @@ -421,7 +422,7 @@ msgstr "" "autres plateformes." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." @@ -430,26 +431,26 @@ msgstr "" "pas accessible. Sur celles-ci, la requête sera toujours utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -473,12 +474,12 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "SECTIONS SERVICES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -491,60 +492,61 @@ msgstr "" "<quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "Ces options peuvent être utilisées pour configurer les services." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "debug_level (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "Ajoute un horodatage aux messages de débogage" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "Défaut : true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "command (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -557,17 +559,17 @@ msgstr "" "défaut sont suffisantes." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "Défaut : <command>sssd_${service_name}</command>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "Options de configuration NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -575,29 +577,29 @@ msgstr "" "Switch (NSS)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "Défaut : 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -608,7 +610,7 @@ msgstr "" "valeur de entry_cache_timeout pour le domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -623,7 +625,7 @@ msgstr "" "requêtes ne seront pas bloquées en attendant une mise à jour du cache." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -636,17 +638,17 @@ msgstr "" "de non réponse à moins de 10 secondes (0 pour désactiver l'option)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -658,17 +660,17 @@ msgstr "" "nouveau l'arrière plan." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "Défaut : 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -682,17 +684,17 @@ msgstr "" "domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "Défaut : root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -700,62 +702,62 @@ msgstr "" "à « false »." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "override_homedir (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "%u" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "nom de connexion" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "nom de domaine" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "%f" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "nom d'utilisateur qualifié totalement (utilisateur@domaine)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "%%" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "un « % » littéral" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -766,17 +768,17 @@ msgstr "" "substituées :<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "Cette option peut aussi être définie pour chaque domaine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "allowed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -784,13 +786,13 @@ msgstr "" "est :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Si le shell est présent dans <quote>/etc/shells</quote> il est utilisé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -800,7 +802,7 @@ msgstr "" "sera faite." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -809,12 +811,12 @@ msgstr "" "shells</quote>, une connexion sans shell est utlisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "Une chaîne vide pour le shell est passée comme elle est à la libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -823,29 +825,29 @@ msgstr "" "redémarrage de SSSD est nécessaire si un nouveau shell est installé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Défaut : non défini. Le shell de l'utilisateur est utilisé automatiquement." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "vetoed_shells (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" "Remplacer toutes les occurences de ces shells par le « shell_fallback »" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "shell_fallback (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -853,17 +855,17 @@ msgstr "" "la machine." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "Défaut : /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "Options de configuration de PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -872,12 +874,12 @@ msgstr "" "(PAM)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -887,17 +889,17 @@ msgstr "" "connexion réussie)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "Défaut : 0 (pas de limite)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -906,12 +908,12 @@ msgstr "" "échouées sont autorisées." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -920,7 +922,7 @@ msgstr "" "atteint avant qu'une nouvelle tentative soit possible." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -928,17 +930,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "Défaut : 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -947,44 +949,44 @@ msgstr "" "d'authentification. Le nombre le plus grand affichera plus de messages." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "Actuellement sssd supporte les valeurs :" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis> : ne pas afficher de message" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis> : afficher les messages d'information" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis> : afficher tous les messages et informations de " "débogage" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "Défaut : 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -996,7 +998,7 @@ msgstr "" "les dernières informations." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1010,17 +1012,17 @@ msgstr "" "retour avec le fournisseur d'identité." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "Afficher une alerte N jours avant que le mot de passe n'expire." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1031,22 +1033,135 @@ msgstr "" "manquante, sssd ne peut afficher de message d'alerte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "Défaut : 7" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +#, fuzzy +#| msgid "NSS configuration options" +msgid "SUDO configuration options" +msgstr "Options de configuration NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +#, fuzzy +#| msgid "These options can be used to configure any service." +msgid "These options can be used to configure the sudo service." +msgstr "Ces options peuvent être utilisées pour configurer les services." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "sudo_cache_timeout (integer)" +msgstr "enum_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +#, fuzzy +#| msgid "" +#| "For any PAM request while SSSD is online, the SSSD will attempt to " +#| "immediately update the cached identity information for the user in order " +#| "to ensure that authentication takes place with the latest information." +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" +"Pour chaque requête PAM quand SSSD est déconnecté, le SSSD tentera de mettre " +"à jour immédiatement les informations d'identité mises en cache pour " +"l'utilisateur de manière à s'assurer que l'authentification se fasse avec " +"les dernières informations." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +#, fuzzy +#| msgid "Default: 10" +msgid "Default: 180" +msgstr "Défaut : 10" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +#, fuzzy +#| msgid "debug_timestamps (bool)" +msgid "sudo_timed (bool)" +msgstr "debug_timestamps (booléen)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +#, fuzzy +#| msgid "NSS configuration options" +msgid "AUTOFS configuration options" +msgstr "Options de configuration NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +#, fuzzy +#| msgid "These options can be used to configure any service." +msgid "These options can be used to configure the autofs service." +msgstr "Ces options peuvent être utilisées pour configurer les services." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +#, fuzzy +#| msgid "entry_negative_timeout (integer)" +msgid "autofs_negative_timeout (integer)" +msgstr "entry_negative_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +#, fuzzy +#| msgid "" +#| "Specifies for how many seconds nss_sss should cache negative cache hits " +#| "(that is, queries for invalid database entries, like nonexistent ones) " +#| "before asking the back end again." +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Spécifie le temps, en secondes, pendant lequel nss_sss doit mettre en cache " +"les résultats négatifs du cache (c'est-à-dire les requêtes pour les bases de " +"données invalides, comme celles qui n'existent pas) avant d'appeler à " +"nouveau l'arrière plan." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "SECTIONS DOMAINE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -1055,7 +1170,7 @@ msgstr "" "dehors de ces limites, il est ignoré." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -1068,17 +1183,17 @@ msgstr "" "plage seront rapportés comme prévu." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Default: 1 for min_id, 0 (no limit) for max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." @@ -1088,17 +1203,17 @@ msgstr "" "répondre." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "Défaut : 10" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "enumerate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" @@ -1107,22 +1222,22 @@ msgstr "" "valeurs suivantes :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = utilisateurs et groupes sont comptés" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = aucune énumération pour ce domaine" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "Défaut : FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -1138,7 +1253,7 @@ msgstr "" "importante liée au processus d'énumération." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -1148,7 +1263,7 @@ msgstr "" "complétion." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1162,12 +1277,12 @@ msgstr "" "le id_provider spécifique utilisé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -1176,34 +1291,122 @@ msgstr "" "valides avant d'appeler à nouveau l'arrière plan" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "Défaut : 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Combien de temps en secondes doit considérer nss_sss les entrées comme " +"valides avant d'appeler à nouveau l'arrière plan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "Default: entry_cache_timeout" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Combien de temps en secondes doit considérer nss_sss les entrées comme " +"valides avant d'appeler à nouveau l'arrière plan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Combien de temps en secondes doit considérer nss_sss les entrées comme " +"valides avant d'appeler à nouveau l'arrière plan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Combien de temps en secondes doit considérer nss_sss les entrées comme " +"valides avant d'appeler à nouveau l'arrière plan" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "cache_credentials (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "Détermine si les crédits utilisateur sont aussi mis en cache dans le cache " "LDB local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1216,49 +1419,49 @@ msgstr "" "ou égal à offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "Défault: 0 (illimité)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "id_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" "L'identité du fournisseur de données en arrière-plan à utiliser pour le " "domaine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "Moteurs supportés :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "proxy: supporte l'ancien protocole NSS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "local: protocole SSSD interne et local" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "ldap: protocole LDAP" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1272,12 +1475,12 @@ msgstr "" "test@LOCAL</command> ne le trouve." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "auth_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -1286,7 +1489,7 @@ msgstr "" "autorisés sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1298,7 +1501,7 @@ msgstr "" "LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1309,7 +1512,7 @@ msgstr "" "citerefentry> pour plus d'informations sur la configuration de Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" @@ -1317,12 +1520,12 @@ msgstr "" "PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> désactive l'authentification explicitement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -1331,12 +1534,12 @@ msgstr "" "gérer les requêtes d'authentification." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "access_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1347,17 +1550,17 @@ msgstr "" "plan). Les fournisseurs internes spécifiques sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "<quote>permit</quote> autoriser l'accès de manière permanente." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> refuser l'accès de manière permanente.." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1370,17 +1573,17 @@ msgstr "" "configuration du module d'accès simple." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "Défaut : <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "chpass_provider (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -1389,7 +1592,7 @@ msgstr "" "domaine. Les fournisseurs acceptés sont :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1401,7 +1604,7 @@ msgstr "" "l'IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1413,7 +1616,7 @@ msgstr "" "serveur LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1425,7 +1628,7 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" @@ -1433,13 +1636,13 @@ msgstr "" "autre cible PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" "<quote>none</quote> désactiver le changement de mot de passe explicitement." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -1448,12 +1651,123 @@ msgstr "" "gérer les changements de mot de passe." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +#, fuzzy +#| msgid "id_provider (string)" +msgid "sudo_provider (string)" +msgstr "id_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +#, fuzzy +#| msgid "" +#| "The authentication provider used for the domain. Supported auth " +#| "providers are:" +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Le fournisseur d'authentification utilisé pour le domaine. Les fournisseurs " +"autorisés sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +#, fuzzy +#| msgid "" +#| "<quote>ldap</quote> to change a password stored in a LDAP server. See " +#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring LDAP." +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> pour changer le mot de passe stocké sur un serveur LDAP. " +"Voir <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration du " +"serveur LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +#, fuzzy +#| msgid "<quote>none</quote> disables authentication explicitly." +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> désactive l'authentification explicitement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +#, fuzzy +#| msgid "" +#| "Default: <quote>id_provider</quote> is used if it is set and can handle " +#| "authentication requests." +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " +"gérer les requêtes d'authentification." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +#, fuzzy +#| msgid "access_provider (string)" +msgid "session_provider (string)" +msgstr "access_provider (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +#, fuzzy +#| msgid "" +#| "The provider which should handle change password operations for the " +#| "domain. Supported change password providers are:" +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" +"Le fournisseur qui devrait gérer le changement des mots de passe pour le " +"domaine. Les fournisseurs acceptés sont :" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to change a password stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> pour changer le mot de passe stocké sur un serveur IPA. " +"Voir <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> pour plus d'informations sur la configuration de " +"l'IPA." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +#, fuzzy +#| msgid "<quote>none</quote> disallows password changes explicitly." +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" +"<quote>none</quote> désactiver le changement de mot de passe explicitement." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +#, fuzzy +#| msgid "" +#| "Default: <quote>id_provider</quote> is used if it is set and can handle " +#| "authentication requests." +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" +"Par défaut : <quote>id_provider</quote> est utilisé s'il est défini et peut " +"gérer les requêtes d'authentification." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "lookup_family_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -1462,46 +1776,46 @@ msgstr "" "utiliser pour effectuer les requêtes DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "Valeurs autorisées :" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first : essaye de chercher une IPv4, si ça échoue, essaye une IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only : ne tente de résoudre que les noms de domaines en adresses IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first : essaye de chercher une IPv6, si ça échoue, essaye une IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only : ne tente de résoudre que les noms de domaines en adresses IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "Défaut : ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1512,12 +1826,12 @@ msgstr "" "le domaine continuera en mode déconnecté." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -1527,41 +1841,41 @@ msgstr "" "de DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Défaut : utilise la partie du domaine qui est dans le nom d'hôte de la " "machine." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "override_gid (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "Redéfini le GID primaire avec la valeur spécifiée." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1573,17 +1887,17 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "Le proxy cible auquel PAM devient mandataire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1592,12 +1906,12 @@ msgstr "" "ou créer une nouvelle et ajouter le nom de service ici." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1608,7 +1922,7 @@ msgstr "" "$(libName)_$(function), par exemple _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1617,12 +1931,12 @@ msgstr "" "id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "La section du domaine local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1633,29 +1947,29 @@ msgstr "" "dire un domaine qui utilise <replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "default_shell (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "Le shell par défaut pour les utilisateurs créés avec les outils de l'espace " "utilisateur SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "Par défaut : <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "base_directory (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1664,17 +1978,17 @@ msgstr "" "replaceable> et l'utilise comme dossier maison." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "Par défaut : <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "create_homedir (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1683,17 +1997,17 @@ msgstr "" "utilisateurs. Peut être outrepassé par la ligne de commande." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "Par défaut : TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "remove_homedir (booléen)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1702,12 +2016,12 @@ msgstr "" "des utilisateurs. Peut être outrepassé par la ligne de commande." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "homedir_umask (entier)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1718,17 +2032,17 @@ msgstr "" "défaut sur un répertoire maison nouvellement créé." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "Par défaut : 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "skel_dir (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1741,17 +2055,17 @@ msgstr "" "manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "Par défaut : <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "mail_dir (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1762,17 +2076,17 @@ msgstr "" "par défaut est utilisée." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "Par défaut : <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "userdel_cmd (chaîne)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1783,18 +2097,18 @@ msgstr "" "commande n'est pas pris en compte." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "Par défaut : aucune commande lancée" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "EXEMPLE" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1848,7 +2162,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1861,7 +2175,7 @@ msgstr "" "\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -2235,7 +2549,7 @@ msgstr "" "L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "Par défaut : gidNumber" @@ -2295,7 +2609,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -2305,14 +2619,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2581,11 +2895,25 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:585 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 msgid "ldap_force_upper_case_realm (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:585 +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2594,29 +2922,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2624,52 +2952,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2677,24 +3007,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2702,89 +3032,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2792,158 +3122,266 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 -msgid "ldap_search_timeout (integer)" -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 -msgid "" -"Specifies the timeout (in seconds) that ldap searches are allowed to run " -"before they are cancelled and cached results are returned (and offline mode " -"is entered)" -msgstr "" +#: sssd-ldap.5.xml:900 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_service_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 -msgid "" -"Note: this option is subject to change in future versions of the SSSD. It " -"will likely be replaced at some point by a series of timeouts for specific " -"lookup types." -msgstr "" +#: sssd-ldap.5.xml:903 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of a service entry in LDAP." +msgstr "La classe objet d'une entrée utilisateur dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 -msgid "Default: 6" -msgstr "" +#: sssd-ldap.5.xml:906 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: ipService" +msgstr "Défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 -msgid "ldap_enumeration_search_timeout (integer)" -msgstr "" +#: sssd-ldap.5.xml:912 +#, fuzzy +#| msgid "ldap_dns_service_name (string)" +msgid "ldap_service_name (string)" +msgstr "ldap_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:915 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." msgid "" -"Specifies the timeout (in seconds) that ldap searches for user and group " -"enumerations are allowed to run before they are cancelled and cached results " -"are returned (and offline mode is entered)" -msgstr "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 -msgid "Default: 60" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +#, fuzzy +#| msgid "ldap_dns_service_name (string)" +msgid "ldap_service_port (string)" +msgstr "ldap_dns_service_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +#, fuzzy +#| msgid "Default: ipv4_first" +msgid "Default: ipServicePort" +msgstr "Défaut : ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +#, fuzzy +#| msgid "ldap_dns_service_name (string)" +msgid "ldap_service_proto (string)" +msgstr "ldap_dns_service_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "Default: ipv4_first" +msgid "Default: ipServiceProtocol" +msgstr "Défaut : ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_service_search_base (string)" +msgstr "ldap_user_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 +msgid "ldap_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:973 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 +msgid "Default: 6" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:991 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:994 +msgid "" +"Specifies the timeout (in seconds) that ldap searches for user and group " +"enumerations are allowed to run before they are cancelled and cached results " +"are returned (and offline mode is entered)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1001 +msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2954,12 +3392,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2967,12 +3405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2981,34 +3419,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1088 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1106 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -3016,13 +3482,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1112 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -3031,7 +3497,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -3039,26 +3505,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3066,7 +3532,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3074,7 +3540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -3082,41 +3548,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -3125,38 +3591,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -3164,90 +3630,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -3255,27 +3721,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3287,7 +3753,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3295,7 +3761,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3303,62 +3769,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 +#, fuzzy +#| msgid "" +#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default " +#| "permissions on a newly created home directory." msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" +"Utilisé par <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " +"<manvolnum>8</manvolnum> </citerefentry> pour spécifier les permissions par " +"défaut sur un répertoire maison nouvellement créé." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3366,61 +3839,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "Défaut : ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3430,12 +3903,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "Exemple:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3444,14 +3917,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3460,24 +3933,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "Défaut : vide" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3485,19 +3958,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3506,7 +3979,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3514,7 +3987,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3523,89 +3996,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "ldap_access_order (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "Défaut : filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "ldap_deref (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3622,74 +4095,461 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" -msgstr "OPTIONS AVANCÉES" +#: sssd-ldap.5.xml:1639 +#, fuzzy +#| msgid "OPTIONS" +msgid "SUDO OPTIONS" +msgstr "OPTIONS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" -msgstr "ldap_netgroup_search_base (chaînes)" +#: sssd-ldap.5.xml:1644 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of a sudo rule entry in LDAP." +msgstr "La classe objet d'une entrée utilisateur dans LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1650 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoRole" +msgstr "Par défaut : uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_name (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "ldap_sudorule_command (string)" +msgstr "ldap_schema (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." +msgid "The LDAP attribute that corresponds to the command name." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoCommand" +msgstr "Par défaut : uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +#, fuzzy +#| msgid "ldap_user_gecos (string)" +msgid "ldap_sudorule_host (string)" +msgstr "ldap_user_gecos (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1685 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" msgstr "" +"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +#, fuzzy +#| msgid "Default: root" +msgid "Default: sudoHost" +msgstr "Défaut : root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +#, fuzzy +#| msgid "ldap_user_uid_number (string)" +msgid "ldap_sudorule_user (string)" +msgstr "ldap_user_uid_number (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1703 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoUser" +msgstr "Par défaut : uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +#, fuzzy +#| msgid "ldap_uri (string)" +msgid "ldap_sudorule_option (string)" +msgstr "ldap_uri (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoOption" +msgstr "Par défaut : uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." msgstr "" +"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1729 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: sudoRunAsUser" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" +"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: sudoRunAsGroup" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +#, fuzzy +#| msgid "ldap_user_uid_number (string)" +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_user_uid_number (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" +"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: sudoNotBefore" +msgstr "par défaut : uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" +"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: sudoNotAfter" +msgstr "Défaut : filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ldap_sudorule_order (string)" +msgstr "ldap_access_order (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +#, fuzzy +#| msgid "Default: password" +msgid "Default: sudoOrder" +msgstr "Par défaut : password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +#, fuzzy +#| msgid "ldap_referrals (boolean)" +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "ldap_referrals (booléen)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +#, fuzzy +#| msgid "dns_resolver_timeout (integer)" +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "dns_resolver_timeout (entier)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +#, fuzzy +#| msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>" +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +#, fuzzy +#| msgid "" +#| "The skeleton directory, which contains files and directories to be copied " +#| "in the user's home directory, when the home directory is created by " +#| "<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +#| "manvolnum> </citerefentry>" +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" +"Le répertoire squelette contenant les fichiers et répertoires à copier dans " +"le répertoire maison utilisateur une fois ce répertoire créé par " +"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +#, fuzzy +#| msgid "OPTIONS" +msgid "AUTOFS OPTIONS" +msgstr "OPTIONS" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of an automount map entry in LDAP." +msgstr "La classe objet d'une entrée utilisateur dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +#, fuzzy +#| msgid "Default: root" +msgid "Default: automountMap" +msgstr "Défaut : root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The name of an automount map entry in LDAP." +msgstr "La classe objet d'une entrée utilisateur dans LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: ou" +msgstr "Par défaut : uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1888 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" +msgstr "OPTIONS AVANCÉES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "ldap_netgroup_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3697,33 +4557,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (chaînes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +#, fuzzy +#| msgid "ldap_search_base (string)" +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_user_search_base (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3731,7 +4617,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3739,7 +4625,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3753,18 +4639,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "NOTES" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3773,7 +4659,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -4231,73 +5117,112 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "ipa_dyndns_iface (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_host_search_base (string)" +msgstr "ipa_hbac_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_hbac_search_base (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "krb5_validate (booléen)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -4305,12 +5230,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (entier)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4318,17 +5243,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "Défaut : 5 (secondes)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (chaîne)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4337,144 +5262,353 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "Défaut : DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "ldap_user_object_class (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ipa_selinux_usermap_name (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +#, fuzzy +#| msgid "ipa_server (string)" +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "ipa_server (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" +"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +#, fuzzy +#| msgid "ipa_server (string)" +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "ipa_server (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "simple_deny_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +#, fuzzy +#| msgid "Default: gecos" +msgid "Default: seeAlso" +msgstr "Par défaut : gecos" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +#, fuzzy +#| msgid "simple_deny_users (string)" +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "simple_deny_users (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +#, fuzzy +#| msgid "Default: password" +msgid "Default: ipaSELinuxUser" +msgstr "Par défaut : password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "ldap_user_name (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +#, fuzzy +#| msgid "Default: ldap" +msgid "Default: ipaEnabledFlag" +msgstr "Défaut : ldap" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +#, fuzzy +#| msgid "ldap_user_search_filter (string)" +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "ldap_user_search_filter (chaînes)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's gecos field." +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: userCategory" +msgstr "Défaut : filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "ipa_hostname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: hostCategory" +msgstr "Défaut : filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +#, fuzzy +#| msgid "ipa_server (string)" +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "ipa_server (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "L'attribut LDAP correspondant à l'id utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +#, fuzzy +#| msgid "Default: true" +msgid "Default: ipaUniqueID" +msgstr "Défaut : true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "ipa_host_ssh_public_key (string)" +msgstr "ipa_hostname (chaîne)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's login name." +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: ipaSshPubKey" +msgstr "par défaut : uidNumber" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4482,7 +5616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4492,7 +5626,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -5898,3 +7032,6 @@ msgstr "<option>-h</option>,<option>--help</option>" #: include/param_help.xml:7 msgid "Display help message and exit." msgstr "Affiche l'aide et quitte." + +#~ msgid "Supported services: nss, pam" +#~ msgstr "Services supportés : nss, pam" diff --git a/src/man/po/hu.po b/src/man/po/hu.po index fe97f9714..79a6e6bc8 100644 --- a/src/man/po/hu.po +++ b/src/man/po/hu.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/id.po b/src/man/po/id.po index d22257ecb..e9c03b0ad 100644 --- a/src/man/po/id.po +++ b/src/man/po/id.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/it.po b/src/man/po/it.po index 33f635315..ada6c4736 100644 --- a/src/man/po/it.po +++ b/src/man/po/it.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Italian <trans-it@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/ja.po b/src/man/po/ja.po index 1f3bade76..1498ab38c 100644 --- a/src/man/po/ja.po +++ b/src/man/po/ja.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/ja_JP.po b/src/man/po/ja_JP.po index 04abc8e31..b9afb1f8f 100644 --- a/src/man/po/ja_JP.po +++ b/src/man/po/ja_JP.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/ko.po b/src/man/po/ko.po index 4df2ac38a..d91033e0c 100644 --- a/src/man/po/ko.po +++ b/src/man/po/ko.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/lt.po b/src/man/po/lt.po index ffd5eac82..8d38a5a40 100644 --- a/src/man/po/lt.po +++ b/src/man/po/lt.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/" @@ -107,9 +107,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -216,7 +216,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -245,33 +245,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -280,19 +281,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -300,7 +301,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -308,19 +309,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -328,17 +329,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -347,7 +348,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -355,40 +356,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -406,12 +407,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -420,60 +421,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -482,45 +484,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -528,7 +530,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -538,7 +540,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -547,17 +549,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -565,17 +567,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -584,78 +586,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -663,138 +665,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -802,59 +804,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -862,7 +864,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -871,17 +873,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -889,29 +891,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -920,56 +1001,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -979,14 +1060,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -995,44 +1076,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1041,47 +1176,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1090,19 +1225,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1110,7 +1245,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1118,30 +1253,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1149,17 +1284,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1168,24 +1303,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1193,7 +1328,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1201,7 +1336,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1209,72 +1344,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1282,51 +1477,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1334,29 +1529,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1364,19 +1559,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1384,73 +1579,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1458,17 +1653,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1477,17 +1672,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1495,17 +1690,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1513,18 +1708,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1554,7 +1749,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1563,7 +1758,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1884,7 +2079,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1944,7 +2139,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1954,14 +2149,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2230,11 +2425,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2243,29 +2448,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2273,52 +2478,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2326,24 +2533,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2351,89 +2558,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2441,114 +2648,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2556,7 +2847,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2564,17 +2855,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2582,17 +2873,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2603,12 +2894,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2616,12 +2907,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2630,48 +2921,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2680,7 +2999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2688,26 +3007,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2715,7 +3034,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2723,7 +3042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2731,41 +3050,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2774,38 +3093,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2813,90 +3132,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2904,27 +3223,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2936,7 +3255,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2944,7 +3263,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2952,62 +3271,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3015,61 +3333,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3079,12 +3397,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3093,14 +3411,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3109,24 +3427,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3134,19 +3452,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3155,7 +3473,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3163,7 +3481,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3172,89 +3490,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3271,74 +3589,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3346,33 +3944,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3380,7 +4000,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3388,7 +4008,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3402,18 +4022,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3422,7 +4042,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3876,73 +4496,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3950,12 +4605,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3963,17 +4618,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3982,144 +4637,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4127,7 +4936,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4137,7 +4946,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/nb.po b/src/man/po/nb.po index 466411afc..04c2e0d19 100644 --- a/src/man/po/nb.po +++ b/src/man/po/nb.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/nl.po b/src/man/po/nl.po index 9d7c5f1e6..e498a44d1 100644 --- a/src/man/po/nl.po +++ b/src/man/po/nl.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/team/nl/)\n" @@ -120,9 +120,9 @@ msgstr "" "replaceable> parameter." #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -255,7 +255,7 @@ msgid "The [sssd] section" msgstr "De [sssd] sectie" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "Sectie parameters" @@ -287,16 +287,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" -msgstr "Ondersteunde diensten: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -305,17 +306,17 @@ msgstr "" "Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "Standaard: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "domeinen" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -328,12 +329,12 @@ msgstr "" "lijst van domeinen in de volgorde die SSSD ze moet aflopen." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "re_expression (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." @@ -342,7 +343,7 @@ msgstr "" "domeinnaam verwerkt moeten worden." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -353,7 +354,7 @@ msgstr "" "het domein alles daarna\"" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -361,7 +362,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." @@ -370,12 +371,12 @@ msgstr "" "(?P<name>) om subpatronen aan te geven." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "full_name_format (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -386,17 +387,17 @@ msgstr "" "(met name, domain) vertaald wordt in een full qualified name." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Standaard: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "try_inotify (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -409,7 +410,7 @@ msgstr "" "kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -420,7 +421,7 @@ msgstr "" "gezet worden" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." @@ -429,7 +430,7 @@ msgstr "" "systemen." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." @@ -439,12 +440,12 @@ msgstr "" "conf." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." @@ -453,14 +454,14 @@ msgstr "" "opslaan." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -478,12 +479,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "SERVICES SECTIE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -492,60 +493,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "Algemene service configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "Deze opties kunnen gebruikt worden om services te configureren." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "debug_level (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "Voeg een tijdstempel toe aan de debugberichten" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "Standaard: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "command (tekst)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -554,17 +556,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "Standaard: <command>sssd_${service_name}</command>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "NSS configuratie-opties" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -572,12 +574,12 @@ msgstr "" "configurere." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -586,17 +588,17 @@ msgstr "" "over alle gebruikers)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "Standaard: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -604,7 +606,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -614,7 +616,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -623,17 +625,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (numeriek)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -641,17 +643,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -660,78 +662,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -739,138 +741,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -878,59 +880,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -938,7 +940,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -947,17 +949,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -965,29 +967,124 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +#, fuzzy +#| msgid "NSS configuration options" +msgid "SUDO configuration options" +msgstr "NSS configuratie-opties" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +#, fuzzy +#| msgid "These options can be used to configure any service." +msgid "These options can be used to configure the sudo service." +msgstr "Deze opties kunnen gebruikt worden om services te configureren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "sudo_cache_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +#, fuzzy +#| msgid "Default: 120" +msgid "Default: 180" +msgstr "Standaard: 120" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +#, fuzzy +#| msgid "debug_timestamps (bool)" +msgid "sudo_timed (bool)" +msgstr "debug_timestamps (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +#, fuzzy +#| msgid "NSS configuration options" +msgid "AUTOFS configuration options" +msgstr "NSS configuratie-opties" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +#, fuzzy +#| msgid "These options can be used to configure any service." +msgid "These options can be used to configure the autofs service." +msgstr "Deze opties kunnen gebruikt worden om services te configureren." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +#, fuzzy +#| msgid "entry_negative_timeout (integer)" +msgid "autofs_negative_timeout (integer)" +msgstr "entry_negative_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -996,56 +1093,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -1055,14 +1152,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1071,44 +1168,130 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "entry_cache_user_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss cache enumerations (requests for info " +#| "about all users)" +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " +"over alle gebruikers)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "entry_cache_group_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss cache enumerations (requests for info " +#| "about all users)" +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " +"over alle gebruikers)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss cache enumerations (requests for info " +#| "about all users)" +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " +"over alle gebruikers)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "entry_cache_service_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss cache enumerations (requests for info " +#| "about all users)" +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie " +"over alle gebruikers)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1117,47 +1300,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1166,19 +1349,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1186,7 +1369,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1194,30 +1377,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1225,17 +1408,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1244,24 +1427,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1269,7 +1452,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1277,7 +1460,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1285,72 +1468,134 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +#, fuzzy +#| msgid "re_expression (string)" +msgid "session_provider (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1358,51 +1603,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1410,29 +1655,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1440,19 +1685,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1460,73 +1705,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1534,17 +1779,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1553,17 +1798,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1571,17 +1816,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1589,18 +1834,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1630,7 +1875,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1639,7 +1884,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1960,7 +2205,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -2020,7 +2265,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -2030,14 +2275,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2306,11 +2551,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2319,29 +2574,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2349,52 +2604,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2402,24 +2659,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2427,89 +2684,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2517,114 +2774,206 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +#, fuzzy +#| msgid "Default: true" +msgid "Default: ipService" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +#, fuzzy +#| msgid "full_name_format (string)" +msgid "ldap_service_port (string)" +msgstr "full_name_format (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +#, fuzzy +#| msgid "Default: true" +msgid "Default: ipServicePort" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ldap_service_proto (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2632,7 +2981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2640,17 +2989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2658,17 +3007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2679,12 +3028,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2692,12 +3041,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2706,34 +3055,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1088 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1106 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2741,13 +3118,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1112 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2756,7 +3133,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2764,26 +3141,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2791,7 +3168,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2799,7 +3176,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2807,41 +3184,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2850,38 +3227,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2889,90 +3266,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2980,27 +3357,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3012,7 +3389,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3020,7 +3397,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3028,62 +3405,69 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 +#, fuzzy +#| msgid "" +#| "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +#| "manvolnum> </citerefentry>-compatible format that describes how to " +#| "translate a (name, domain) tuple into a fully qualified name." msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" +"Een <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" +"manvolnum> </citerefentry>-compatibel formaat wat omschrijft hoe een tuple " +"(met name, domain) vertaald wordt in een full qualified name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3091,61 +3475,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3155,12 +3539,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3169,14 +3553,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3185,236 +3569,552 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 +msgid "" +"With this option a client side evaluation of access control attributes can " +"be enabled." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1525 +msgid "" +"Please note that it is always recommended to use server side access control, " +"i.e. the LDAP server should deny the bind request with a suitable error code " +"even if the password is correct." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1532 +msgid "The following values are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1535 +msgid "" +"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " +"determine if the account is expired." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1540 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1547 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1553 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1568 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1571 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1575 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1578 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1582 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1587 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1591 +msgid "Default: filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1594 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1601 +msgid "ldap_deref (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1604 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1613 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1623 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1628 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1639 +#, fuzzy +#| msgid "OPTIONS" +msgid "SUDO OPTIONS" +msgstr "OPTIES" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoRole" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +#, fuzzy +#| msgid "full_name_format (string)" +msgid "ldap_sudorule_name (string)" +msgstr "full_name_format (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +#, fuzzy +#| msgid "command (string)" +msgid "ldap_sudorule_command (string)" +msgstr "command (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoCommand" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1685 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: sudoHost" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1703 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoUser" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +#, fuzzy +#| msgid "re_expression (string)" +msgid "ldap_sudorule_option (string)" +msgstr "re_expression (tekst)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoOption" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 msgid "" -"With this option a client side evaluation of access control attributes can " -"be enabled." +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 -msgid "" -"Please note that it is always recommended to use server side access control, " -"i.e. the LDAP server should deny the bind request with a suitable error code " -"even if the password is correct." +#: sssd-ldap.5.xml:1729 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoRunAsUser" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 -msgid "The following values are allowed:" +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 -msgid "" -"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " -"determine if the account is expired." +#: sssd-ldap.5.xml:1742 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoRunAsGroup" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1751 msgid "" -"<emphasis>ad</emphasis>: use the value of the 32bit field " -"ldap_user_ad_user_account_control and allow access if the second bit is not " -"set. If the attribute is missing access is granted. Also the expiration time " -"of the account is checked." +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 -msgid "" -"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" -"emphasis>: use the value of ldap_ns_account_lock to check if access is " -"allowed or not." +#: sssd-ldap.5.xml:1755 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoNotBefore" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1764 msgid "" -"<emphasis>nds</emphasis>: the values of " -"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " -"ldap_user_nds_login_expiration_time are used to check if access is allowed. " -"If both attributes are missing access is granted." +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoNotAfter" +msgstr "Standaard: true" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 -msgid "ldap_access_order (string)" +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 -msgid "Comma separated list of access control options. Allowed values are:" +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 -msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +#: sssd-ldap.5.xml:1782 +#, fuzzy +#| msgid "Default: true" +msgid "Default: sudoOrder" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 -msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "enum_cache_timeout (numeriek)" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1804 msgid "" -"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " -"to determine access" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 -msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 -msgid "Default: filter" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +#, fuzzy +#| msgid "OPTIONS" +msgid "AUTOFS OPTIONS" +msgstr "OPTIES" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 msgid "" -"Please note that it is a configuration error if a value is used more than " -"once." +"Please note that the default values correspond to the default schema which " +"is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 -msgid "ldap_deref (string)" +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 -msgid "" -"Specifies how alias dereferencing is done when performing a search. The " -"following options are allowed:" +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 -msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +#, fuzzy +#| msgid "Default: true" +msgid "Default: automountMap" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 -msgid "" -"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " -"the base object, but not in locating the base object of the search." +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 -msgid "" -"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " -"the base object of the search." +#: sssd-ldap.5.xml:1853 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ou" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 msgid "" -"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " -"in locating the base object of the search." +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 -msgid "" -"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " -"client libraries)" +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:1832 msgid "" -"All of the common configuration options that apply to SSSD domains also " -"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " -"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" -"manvolnum> </citerefentry> manual page for full details. <placeholder type=" -"\"variablelist\" id=\"0\"/>" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 +#: sssd-ldap.5.xml:1904 msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 +#: sssd-ldap.5.xml:1911 msgid "ldap_netgroup_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1914 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 -msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3422,33 +4122,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3456,7 +4178,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3464,7 +4186,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3478,18 +4200,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3498,7 +4220,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3952,73 +4674,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -4026,12 +4783,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4039,17 +4796,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4058,144 +4815,310 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: seeAlso" +msgstr "Standaard: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +#, fuzzy +#| msgid "Default: true" +msgid "Default: ipaSELinuxUser" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +#, fuzzy +#| msgid "Default: true" +msgid "Default: userCategory" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +#, fuzzy +#| msgid "Default: true" +msgid "Default: hostCategory" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +#, fuzzy +#| msgid "Default: true" +msgid "Default: ipaUniqueID" +msgstr "Standaard: true" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +#, fuzzy +#| msgid "Default: true" +msgid "Default: ipaSshPubKey" +msgstr "Standaard: true" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4203,7 +5126,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4213,7 +5136,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -5565,3 +6488,6 @@ msgstr "" #: include/param_help.xml:7 msgid "Display help message and exit." msgstr "" + +#~ msgid "Supported services: nss, pam" +#~ msgstr "Ondersteunde diensten: nss, pam" diff --git a/src/man/po/nn.po b/src/man/po/nn.po index 5a74d478f..07a16b0c1 100644 --- a/src/man/po/nn.po +++ b/src/man/po/nn.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/pl.po b/src/man/po/pl.po index af5a62401..3fc0e7f08 100644 --- a/src/man/po/pl.po +++ b/src/man/po/pl.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: sgallagh <sgallagh@redhat.com>\n" "Language-Team: Polish (http://www.transifex.net/projects/p/fedora/team/pl/)\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,26 +355,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." @@ -382,14 +383,14 @@ msgstr "" "podręcznej odtwarzania Kerberosa." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -407,12 +408,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -421,60 +422,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -483,45 +485,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -529,7 +531,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -539,7 +541,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -548,17 +550,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -566,17 +568,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -585,78 +587,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -664,138 +666,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -803,59 +805,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -863,7 +865,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -872,17 +874,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -890,29 +892,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -921,56 +1002,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -980,14 +1061,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -996,44 +1077,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1042,47 +1177,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1091,19 +1226,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1111,7 +1246,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1119,30 +1254,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1150,17 +1285,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1169,24 +1304,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1194,7 +1329,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1202,7 +1337,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1210,72 +1345,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1283,51 +1478,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1335,29 +1530,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1365,19 +1560,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1385,73 +1580,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1459,17 +1654,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1478,17 +1673,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1496,17 +1691,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1514,18 +1709,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1555,7 +1750,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1564,7 +1759,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1885,7 +2080,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1945,7 +2140,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1955,14 +2150,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2231,11 +2426,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2244,29 +2449,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2274,52 +2479,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2327,24 +2534,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2352,89 +2559,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2442,114 +2649,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2557,7 +2848,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2565,17 +2856,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2583,17 +2874,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2604,12 +2895,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2617,12 +2908,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2631,48 +2922,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2681,7 +3000,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2689,26 +3008,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2716,7 +3035,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2724,7 +3043,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2732,41 +3051,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2775,38 +3094,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2814,90 +3133,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2905,27 +3224,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2937,7 +3256,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2945,7 +3264,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2953,62 +3272,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3016,61 +3334,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3080,12 +3398,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3094,14 +3412,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3110,24 +3428,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3135,19 +3453,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3156,7 +3474,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3164,7 +3482,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3173,89 +3491,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3272,74 +3590,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3347,33 +3945,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3381,7 +4001,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3389,7 +4009,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3403,18 +4023,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3423,7 +4043,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3877,73 +4497,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3951,12 +4606,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3964,17 +4619,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3983,144 +4638,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4128,7 +4937,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4138,7 +4947,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/pt.po b/src/man/po/pt.po index 5a2f9dbf1..cd811b8ca 100644 --- a/src/man/po/pt.po +++ b/src/man/po/pt.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: Miguel Sousa <migueljorgesousa@sapo.pt>\n" "Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n" @@ -120,9 +120,9 @@ msgstr "" "<replaceable>GROUPS</replaceable>." #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -250,7 +250,7 @@ msgid "The [sssd] section" msgstr "A seção [SSSD]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "Parâmetros de secção" @@ -283,16 +283,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" -msgstr "Suporte para serviços: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -301,17 +302,17 @@ msgstr "" "falha do provedor de dados ou reiniciar antes de eles desistirem" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "Padrão: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "domínios" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -324,19 +325,19 @@ msgstr "" "domínios na ordem desejada." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "re_expression (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -344,7 +345,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -352,19 +353,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "full_name_format (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -372,17 +373,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Default: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "try_inotify (boolean)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -391,7 +392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -399,40 +400,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -450,12 +451,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -464,60 +465,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "Padrão: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -526,45 +528,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -572,7 +574,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -582,7 +584,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -591,17 +593,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "Padrão: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -609,17 +611,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -628,78 +630,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "override_homedir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "%u" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "nome de login" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "Número UID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "nome de domínio" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "%f" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "%%" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "um literal '%'" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -707,138 +709,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "allowed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "vetoed_shells (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "shell_fallback (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "Padrão: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -846,59 +848,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "Padrão: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -906,7 +908,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -915,17 +917,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -933,29 +935,118 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +#, fuzzy +#| msgid "Configuration" +msgid "SUDO configuration options" +msgstr "Configuração" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "sudo_cache_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +#, fuzzy +#| msgid "Default: 10" +msgid "Default: 180" +msgstr "Padrão: 10" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +#, fuzzy +#| msgid "remove_homedir (bool)" +msgid "sudo_timed (bool)" +msgstr "remove_homedir (bool)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +#, fuzzy +#| msgid "pam_id_timeout (integer)" +msgid "autofs_negative_timeout (integer)" +msgstr "pam_id_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "SECÇÕES DE DOMÍNIO" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -964,56 +1055,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "Padrão: 10" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "enumerate (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "Padrão: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -1023,14 +1114,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1039,44 +1130,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "Padrão: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "Default: entry_cache_timeout" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_timeout (integer)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "cache_credentials (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1085,47 +1240,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "Padrão: 0 (ilimitado)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "id_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "Backends suportados:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (bool)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1134,19 +1289,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "auth_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1154,7 +1309,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1162,30 +1317,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "access_provider (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1193,17 +1348,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1212,24 +1367,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1237,7 +1392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1245,7 +1400,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1253,72 +1408,142 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +#, fuzzy +#| msgid "id_provider (string)" +msgid "sudo_provider (string)" +msgstr "id_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +#, fuzzy +#| msgid "" +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>" +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +#, fuzzy +#| msgid "access_provider (string)" +msgid "session_provider (string)" +msgstr "access_provider (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "Default: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1326,51 +1551,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "override_gid (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "case_sensitive (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1378,29 +1603,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1408,19 +1633,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "A secção de domínio local" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1428,73 +1653,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "default_shell (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "Padrão: <filename>bash/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "base_directory (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "Padrão: <filename>/ home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "create_homedir (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "Padrão: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "remove_homedir (bool)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "homedir_umask (integer)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1502,17 +1727,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "Padrão: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "skel_dir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1521,17 +1746,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "Padrão: <filename>skel/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "mail_dir (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1539,17 +1764,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "Padrão: <filename>mail/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "userdel_cmd (string)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1557,18 +1782,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "Padrão: None, nenhum comando é executado" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "EXEMPLO" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1622,7 +1847,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1631,7 +1856,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1970,7 +2195,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -2030,7 +2255,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "Padrão: nsUniqueId" @@ -2040,14 +2265,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "Padrão: modifyTimestamp" @@ -2316,11 +2541,23 @@ msgstr "Padrão: krbPrincipalName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 +#, fuzzy +#| msgid "ldap_user_shell (string)" +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:585 +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2329,29 +2566,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "Padrão: 300" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2359,52 +2596,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "Padrão: 10800 (12 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "Padrão: NC" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2412,24 +2651,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2437,89 +2676,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "Padrão: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2527,114 +2766,214 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "Padrão: nisNetgroupTriple" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +#, fuzzy +#| msgid "ipa_host_object_class (string)" +msgid "ldap_service_object_class (string)" +msgstr "ipa_host_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: ipService" +msgstr "Padrão: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +#, fuzzy +#| msgid "ldap_user_fullname (string)" +msgid "ldap_service_name (string)" +msgstr "ldap_user_fullname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +#, fuzzy +#| msgid "ldap_tls_reqcert (string)" +msgid "ldap_service_port (string)" +msgstr "ldap_tls_reqcert (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +#, fuzzy +#| msgid "Default: ipv4_first" +msgid "Default: ipServicePort" +msgstr "Default: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +#, fuzzy +#| msgid "ldap_tls_reqcert (string)" +msgid "ldap_service_proto (string)" +msgstr "ldap_tls_reqcert (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "Default: ipv4_first" +msgid "Default: ipServiceProtocol" +msgstr "Default: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_service_search_base (string)" +msgstr "ldap_user_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "ldap_search_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2642,7 +2981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2650,17 +2989,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "Padrão: 6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2668,17 +3007,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "Padrão: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2689,12 +3028,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2702,12 +3041,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2716,34 +3055,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "Padrão: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1088 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 msgid "ldap_deref_threshold (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1106 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -2751,13 +3118,13 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1112 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2766,7 +3133,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2774,19 +3141,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -2795,7 +3162,7 @@ msgstr "" "qualquer certificado de servidor." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2803,7 +3170,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2811,7 +3178,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2819,41 +3186,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "Padrão: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2862,38 +3229,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2901,91 +3268,91 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "Padrão: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "Padrão: host/machine.fqdn@REALM" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "Padrão: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2993,27 +3360,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (integer)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "Padrão: 86400 (24 horas)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "krb5_server (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3025,7 +3392,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3033,7 +3400,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3041,62 +3408,67 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 +#, fuzzy +#| msgid "" +#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</" +#| "manvolnum> </citerefentry>" msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" +"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>8</" +"manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3104,61 +3476,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3168,12 +3540,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3182,14 +3554,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3198,24 +3570,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3223,211 +3595,559 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 +msgid "" +"<emphasis>ad</emphasis>: use the value of the 32bit field " +"ldap_user_ad_user_account_control and allow access if the second bit is not " +"set. If the attribute is missing access is granted. Also the expiration time " +"of the account is checked." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1547 +msgid "" +"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" +"emphasis>: use the value of ldap_ns_account_lock to check if access is " +"allowed or not." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1553 +msgid "" +"<emphasis>nds</emphasis>: the values of " +"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " +"ldap_user_nds_login_expiration_time are used to check if access is allowed. " +"If both attributes are missing access is granted." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1568 +msgid "ldap_access_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1571 +msgid "Comma separated list of access control options. Allowed values are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1575 +msgid "<emphasis>filter</emphasis>: use ldap_access_filter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1578 +msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1582 +msgid "" +"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " +"to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1587 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1591 +msgid "Default: filter" +msgstr "Padrão: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1594 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1601 +msgid "ldap_deref (string)" +msgstr "ldap_deref (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1604 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1613 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1623 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1628 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1639 +#, fuzzy +#| msgid "OPTIONS" +msgid "SUDO OPTIONS" +msgstr "Opções" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +#, fuzzy +#| msgid "ipa_host_object_class (string)" +msgid "ldap_sudorule_object_class (string)" +msgstr "ipa_host_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +#, fuzzy +#| msgid "Default: True" +msgid "Default: sudoRole" +msgstr "Padrão: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +#, fuzzy +#| msgid "ldap_user_fullname (string)" +msgid "ldap_sudorule_name (string)" +msgstr "ldap_user_fullname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +#, fuzzy +#| msgid "ldap_deref (string)" +msgid "ldap_sudorule_command (string)" +msgstr "ldap_deref (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +#, fuzzy +#| msgid "Default: shadowMin" +msgid "Default: sudoCommand" +msgstr "Padrão: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +#, fuzzy +#| msgid "ldap_user_authorized_host (string)" +msgid "ldap_sudorule_host (string)" +msgstr "ldap_user_authorized_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1685 +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +#, fuzzy +#| msgid "Default: host" +msgid "Default: sudoHost" +msgstr "Padrão: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +#, fuzzy +#| msgid "ldap_user_shell (string)" +msgid "ldap_sudorule_user (string)" +msgstr "ldap_user_shell (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1703 +#, fuzzy +#| msgid "Default: True" +msgid "Default: sudoUser" +msgstr "Padrão: TRUE" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +#, fuzzy +#| msgid "ldap_uri (string)" +msgid "ldap_sudorule_option (string)" +msgstr "ldap_uri (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +#, fuzzy +#| msgid "Default: shadowMin" +msgid "Default: sudoOption" +msgstr "Padrão: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +#, fuzzy +#| msgid "ldap_user_fullname (string)" +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_user_fullname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +#, fuzzy +#| msgid "Default: none" +msgid "Default: sudoRunAsUser" +msgstr "Padrão: none" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +#, fuzzy +#| msgid "ldap_user_uuid (string)" +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_user_uuid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +#, fuzzy +#| msgid "Default: shadowMin" +msgid "Default: sudoRunAsGroup" +msgstr "Padrão: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +#, fuzzy +#| msgid "ldap_deref (string)" +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_deref (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 msgid "" -"<emphasis>ad</emphasis>: use the value of the 32bit field " -"ldap_user_ad_user_account_control and allow access if the second bit is not " -"set. If the attribute is missing access is granted. Also the expiration time " -"of the account is checked." +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 -msgid "" -"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" -"emphasis>: use the value of ldap_ns_account_lock to check if access is " -"allowed or not." -msgstr "" +#: sssd-ldap.5.xml:1755 +#, fuzzy +#| msgid "Default: shadowExpire" +msgid "Default: sudoNotBefore" +msgstr "Padrão: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +#, fuzzy +#| msgid "ldap_user_fullname (string)" +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_user_fullname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1764 msgid "" -"<emphasis>nds</emphasis>: the values of " -"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " -"ldap_user_nds_login_expiration_time are used to check if access is allowed. " -"If both attributes are missing access is granted." +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: sudoNotAfter" +msgstr "Padrão: filter" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 -msgid "ldap_access_order (string)" -msgstr "" +#: sssd-ldap.5.xml:1775 +#, fuzzy +#| msgid "ldap_deref (string)" +msgid "ldap_sudorule_order (string)" +msgstr "ldap_deref (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 -msgid "Comma separated list of access control options. Allowed values are:" +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 -msgid "<emphasis>filter</emphasis>: use ldap_access_filter" -msgstr "" +#: sssd-ldap.5.xml:1782 +#, fuzzy +#| msgid "Default: shadowExpire" +msgid "Default: sudoOrder" +msgstr "Padrão: shadowExpire" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +#, fuzzy +#| msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "ldap_force_upper_case_realm (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 -msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (integer)" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1804 msgid "" -"<emphasis>authorized_service</emphasis>: use the authorizedService attribute " -"to determine access" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 -msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +#, fuzzy +#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 -msgid "Default: filter" -msgstr "Padrão: filter" +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +#, fuzzy +#| msgid "OPTIONS" +msgid "AUTOFS OPTIONS" +msgstr "Opções" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 msgid "" -"Please note that it is a configuration error if a value is used more than " -"once." +"Please note that the default values correspond to the default schema which " +"is RFC2307." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 -msgid "ldap_deref (string)" -msgstr "ldap_deref (string)" +#: sssd-ldap.5.xml:1834 +#, fuzzy +#| msgid "ipa_host_object_class (string)" +msgid "ldap_autofs_map_object_class (string)" +msgstr "ipa_host_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 -msgid "" -"Specifies how alias dereferencing is done when performing a search. The " -"following options are allowed:" +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 -msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." -msgstr "" +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +#, fuzzy +#| msgid "Default: /tmp" +msgid "Default: automountMap" +msgstr "Padrão: /tmp." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +#, fuzzy +#| msgid "ldap_user_fullname (string)" +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_user_fullname (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 -msgid "" -"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " -"the base object, but not in locating the base object of the search." +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 -msgid "" -"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " -"the base object of the search." -msgstr "" +#: sssd-ldap.5.xml:1853 +#, fuzzy +#| msgid "Default: 3" +msgid "Default: ou" +msgstr "Padrão: 3" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +#, fuzzy +#| msgid "ipa_host_object_class (string)" +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ipa_host_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +#, fuzzy +#| msgid "ldap_user_shell (string)" +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_user_shell (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 msgid "" -"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " -"in locating the base object of the search." +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +#, fuzzy +#| msgid "ldap_user_uuid (string)" +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_user_uuid (string)" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 -msgid "" -"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " -"client libraries)" -msgstr "" +#: sssd-ldap.5.xml:1895 +#, fuzzy +#| msgid "Default: shadowInactive" +msgid "Default: automountInformation" +msgstr "Padrão: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:1832 msgid "" -"All of the common configuration options that apply to SSSD domains also " -"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " -"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" -"manvolnum> </citerefentry> manual page for full details. <placeholder type=" -"\"variablelist\" id=\"0\"/>" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 +#: sssd-ldap.5.xml:1904 msgid "ADVANCED OPTIONS" msgstr "OPÇÕES AVANÇADAS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 +#: sssd-ldap.5.xml:1911 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1914 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 -msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." -msgstr "" - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" -msgstr "" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3435,33 +4155,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +#, fuzzy +#| msgid "ldap_search_base (string)" +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_user_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3469,7 +4215,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3477,7 +4223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3499,18 +4245,18 @@ msgstr "" " enumerate = true\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "NOTAS" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3519,7 +4265,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3989,73 +4735,112 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "ipa_dyndns_iface (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "Default: Use base DN" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_host_search_base (string)" +msgstr "ipa_hbac_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_hbac_search_base (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "krb5_validate (boolean)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -4063,12 +4848,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4076,17 +4861,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4095,144 +4880,334 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "Padrão: DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "Padrão: memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "Padrão: memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "Padrão: externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "Padrão: nisDomainName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "Padrão: ipaHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (string)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "Padrão: fqdn" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +#, fuzzy +#| msgid "ipa_host_object_class (string)" +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "ipa_host_object_class (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +#, fuzzy +#| msgid "ldap_user_fullname (string)" +msgid "ipa_selinux_usermap_name (string)" +msgstr "ldap_user_fullname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +#, fuzzy +#| msgid "ipa_netgroup_member_host (string)" +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "ipa_netgroup_member_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +#, fuzzy +#| msgid "ipa_netgroup_member_host (string)" +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "ipa_netgroup_member_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +#, fuzzy +#| msgid "ipa_netgroup_member_host (string)" +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "ipa_netgroup_member_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +#, fuzzy +#| msgid "Default: false" +msgid "Default: seeAlso" +msgstr "Padrão: false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +#, fuzzy +#| msgid "ipa_server (string)" +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "ipa_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +#, fuzzy +#| msgid "Default: ipaHost" +msgid "Default: ipaSELinuxUser" +msgstr "Padrão: ipaHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +#, fuzzy +#| msgid "ipa_server (string)" +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "ipa_server (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +#, fuzzy +#| msgid "Default: false" +msgid "Default: ipaEnabledFlag" +msgstr "Padrão: false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +#, fuzzy +#| msgid "ldap_user_search_filter (string)" +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "ldap_user_search_filter (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +#, fuzzy +#| msgid "Default: homeDirectory" +msgid "Default: userCategory" +msgstr "Padrão: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +#, fuzzy +#| msgid "ipa_netgroup_member_host (string)" +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "ipa_netgroup_member_host (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +#, fuzzy +#| msgid "Default: host" +msgid "Default: hostCategory" +msgstr "Padrão: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +#, fuzzy +#| msgid "ldap_user_uuid (string)" +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "ldap_user_uuid (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +#, fuzzy +#| msgid "Default: nsUniqueId" +msgid "Default: ipaUniqueID" +msgstr "Padrão: nsUniqueId" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "ipa_host_ssh_public_key (string)" +msgstr "ipa_hostname (string)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +#, fuzzy +#| msgid "Default: ipaHost" +msgid "Default: ipaSshPubKey" +msgstr "Padrão: ipaHost" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4240,7 +5215,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4254,7 +5229,7 @@ msgstr "" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -5669,3 +6644,6 @@ msgstr "<option>-h</option>,<option>--help</option>" #: include/param_help.xml:7 msgid "Display help message and exit." msgstr "Exibe a mensagem de ajuda e sai." + +#~ msgid "Supported services: nss, pam" +#~ msgstr "Suporte para serviços: nss, pam" diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po index 4f798855c..dace53248 100644 --- a/src/man/po/pt_BR.po +++ b/src/man/po/pt_BR.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/ru.po b/src/man/po/ru.po index 11dc9d19a..44acacad7 100644 --- a/src/man/po/ru.po +++ b/src/man/po/ru.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/sk.po b/src/man/po/sk.po index bcb189ac9..b9a45f055 100644 --- a/src/man/po/sk.po +++ b/src/man/po/sk.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/sq.po b/src/man/po/sq.po index ad6ea957c..8174079ca 100644 --- a/src/man/po/sq.po +++ b/src/man/po/sq.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/sr.po b/src/man/po/sr.po index 97aa572f3..ab3ef61f7 100644 --- a/src/man/po/sr.po +++ b/src/man/po/sr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Serbian <trans-sr@lists.fedoraproject.org>\n" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot index ce8d6779c..19264f096 100644 --- a/src/man/po/sssd-docs.pot +++ b/src/man/po/sssd-docs.pot @@ -6,9 +6,9 @@ #, fuzzy msgid "" msgstr "" -"Project-Id-Version: sssd-docs 1.7.0\n" +"Project-Id-Version: sssd-docs 1.7.91\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -93,7 +93,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 msgid "SEE ALSO" msgstr "" @@ -200,7 +200,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -228,33 +228,33 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -263,19 +263,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -283,7 +283,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -291,19 +291,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax " "(?P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> " "<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes " @@ -311,17 +311,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -330,7 +330,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -338,40 +338,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at " "build-time. (__LIBKRB5_DEFAULTS__ if not configured)" @@ -389,12 +389,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -403,57 +403,57 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called " "<command>sssd_${service_name}</command>. This directive allows to change " @@ -462,46 +462,46 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) " "service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -509,7 +509,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -519,7 +519,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -528,17 +528,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -546,17 +546,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set " @@ -565,77 +565,77 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -643,138 +643,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in " "<quote>/etc/shells</quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in " "<quote>/etc/shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the " "machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -782,59 +782,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during " "authentication. The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -842,7 +842,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a " @@ -852,17 +852,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -870,29 +870,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For " @@ -901,56 +980,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -960,14 +1039,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -976,44 +1055,97 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1022,47 +1154,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified " "names. For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1071,19 +1203,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " @@ -1091,7 +1223,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -1099,29 +1231,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1129,17 +1261,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> " @@ -1148,24 +1280,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " @@ -1174,7 +1306,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> " @@ -1183,7 +1315,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> " @@ -1191,71 +1323,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> " +"</citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring " +"IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1263,51 +1456,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called " @@ -1316,29 +1509,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1346,19 +1539,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" " "id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1366,73 +1559,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1440,17 +1633,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1459,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1477,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1495,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1535,7 +1728,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1544,7 +1737,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> " @@ -1869,7 +2062,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1929,7 +2122,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1939,14 +2132,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2216,11 +2409,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2229,29 +2432,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2259,52 +2462,52 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2312,24 +2515,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2337,89 +2540,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups " "(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD " @@ -2427,112 +2630,191 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2540,7 +2822,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2548,17 +2830,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2566,17 +2848,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> " @@ -2587,12 +2869,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2600,12 +2882,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2614,47 +2896,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single " "request. Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 -msgid "You can turn off dereference lookups completely by setting the value to 0." +#: sssd-ldap.5.xml:1088 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use " +"it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2663,7 +2974,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2671,26 +2982,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2698,7 +3009,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2706,7 +3017,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2714,41 +3025,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in " "<filename>/etc/openldap/ldap.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2757,37 +3068,37 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2795,90 +3106,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem " "class=\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2886,27 +3197,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of " @@ -2918,7 +3229,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2926,7 +3237,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of " "SSSD. While the legacy name is recognized for the time being, users are " @@ -2935,63 +3246,62 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client " "side. The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use " "<citerefentry><refentrytitle>shadow</refentrytitle> " "<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the " -"password has expired. Note that the current version of sssd cannot update " -"this attribute during a password change." +"password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -2999,61 +3309,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3063,12 +3373,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3077,14 +3387,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3093,24 +3403,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3118,19 +3428,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3139,7 +3449,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, " "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check " @@ -3147,7 +3457,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3156,89 +3466,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3255,73 +3565,352 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 -msgid "An optional base DN to restrict netgroup searches to a specific subtree." +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1685 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> " +"</citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder " +"type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" " +"id=\"2\"/> <placeholder type=\"variablelist\" id=\"3\"/> <placeholder " +"type=\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = " @@ -3330,33 +3919,53 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3364,7 +3973,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3372,7 +3981,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3386,17 +3995,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 sssd-krb5.5.xml:441 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3405,7 +4014,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " @@ -3872,73 +4481,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3946,12 +4590,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA " "server. This will reduce the latency and load on the IPA server if there are " @@ -3959,17 +4603,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3978,144 +4622,297 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and " "example.com is one of the domains in the <replaceable>[sssd]</replaceable> " @@ -4123,7 +4920,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4133,7 +4930,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> " "<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> " diff --git a/src/man/po/ta.po b/src/man/po/ta.po index a55bde818..b226d305d 100644 --- a/src/man/po/ta.po +++ b/src/man/po/ta.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/tr.po b/src/man/po/tr.po index 0127611f4..587d9e437 100644 --- a/src/man/po/tr.po +++ b/src/man/po/tr.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/uk.po b/src/man/po/uk.po index cd5b07fbd..9e38785fc 100644 --- a/src/man/po/uk.po +++ b/src/man/po/uk.po @@ -9,7 +9,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2011-12-21 10:12+0000\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n" "Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n" @@ -122,9 +122,9 @@ msgstr "" "replaceable>." #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -258,7 +258,7 @@ msgid "The [sssd] section" msgstr "Розділ [sssd]" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "Параметри розділу" @@ -291,16 +291,17 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" -msgstr "Підтримувані служби: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" +msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "reconnection_retries (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" @@ -310,17 +311,17 @@ msgstr "" "визнання подальших спроб безнадійними." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "Типове значення: 3" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "domains" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -334,12 +335,12 @@ msgstr "" "до них запитів щодо даних." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "re_expression (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." @@ -348,7 +349,7 @@ msgstr "" "доменом на його частини." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -359,7 +360,7 @@ msgstr "" "домену — все після цього символу." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -371,7 +372,7 @@ msgstr "" "платформах з версією libpcre 7." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." @@ -381,12 +382,12 @@ msgstr "" "підшаблонів." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "full_name_format (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -397,17 +398,17 @@ msgstr "" "кортежу (назва, домен) у назву належного формату." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "Типове значення: <quote>%1$s@%2$s</quote>." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "try_inotify (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -420,7 +421,7 @@ msgstr "" "виконуватиметься опитування resolv.conf кожні п’ять секунд." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -430,7 +431,7 @@ msgstr "" "рідкісних випадках слід встановити для цього параметра значення «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." @@ -439,7 +440,7 @@ msgstr "" "інших платформах." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." @@ -449,12 +450,12 @@ msgstr "" "опитування файла." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "krb5_rcache_dir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." @@ -463,7 +464,7 @@ msgstr "" "Kerberos." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." @@ -473,7 +474,7 @@ msgstr "" "для кешу відтворення." #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -498,12 +499,12 @@ msgstr "" "профілів. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "РОЗДІЛИ СЛУЖБ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -516,61 +517,62 @@ msgstr "" "у розділі <quote>[nss]</quote>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "Загальні параметри налаштування служб" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "debug_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "debug_timestamps (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "Додати часову позначку до діагностичних повідомлень." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "Типове значення: true" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "debug_microseconds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" "Додати значення мікросекунд до часової позначки у діагностичних повідомленнях" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "Типове значення: false" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "command (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -582,17 +584,17 @@ msgstr "" "файла служби. Здебільшого потреби у зміні типового значення не виникатиме." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "Типове значення: <command>sssd_${назва_служби}</command>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "Параметри налаштування NSS" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" @@ -600,12 +602,12 @@ msgstr "" "Switch (NSS або перемикання служби визначення назв)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "enum_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" @@ -614,17 +616,17 @@ msgstr "" "кеші nss_sss у секундах" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "Типове значення: 120" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "entry_cache_nowait_percentage (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -635,7 +637,7 @@ msgstr "" "entry_cache_timeout для домену період часу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -650,7 +652,7 @@ msgstr "" "розблокування після оновлення кешу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -664,17 +666,17 @@ msgstr "" "можливість." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "Типове значення: 50" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "entry_negative_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -685,17 +687,17 @@ msgstr "" "даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "Типове значення: 15" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "filter_users, filter_groups (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -709,17 +711,17 @@ msgstr "" "списку користувачами лише з певного домену." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "Типове значення: root" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "filter_users_in_groups (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" @@ -727,62 +729,62 @@ msgstr "" "встановіть для цього параметра значення «false»." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "override_homedir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "%u" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "ім'я користувача" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "%U" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "номер UID" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "%d" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "назва домену" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "%f" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "ім’я користувача повністю (користувач@домен)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "%%" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "символ відсотків («%»)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -793,18 +795,18 @@ msgstr "" "<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" "Значення цього параметра можна встановлювати для кожного з доменів окремо." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "allowed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" @@ -812,13 +814,13 @@ msgstr "" "визначення оболонки є таким:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" "1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." @@ -828,7 +830,7 @@ msgstr "" "shell_fallback." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." @@ -837,12 +839,12 @@ msgstr "" "<quote>/etc/shells</quote>, буде використано оболонку nologin." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "Порожній рядок оболонки буде передано без обробки до libc." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." @@ -851,29 +853,29 @@ msgstr "" "тобто у разі встановлення нової оболонки слід перезапустити SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" "Типове значення: не встановлено. Автоматично використовується оболонка " "користувача." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "vetoed_shells (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "Замінити всі записи цих оболонок на shell_fallback" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "shell_fallback (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" @@ -881,17 +883,17 @@ msgstr "" "системі не встановлено." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "Типове значення: /bin/sh" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "Параметри налаштування PAM" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." @@ -900,12 +902,12 @@ msgstr "" "Authentication Module (PAM або блокового модуля розпізнавання)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "offline_credentials_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." @@ -915,17 +917,17 @@ msgstr "" "входу до системи)." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "offline_failed_login_attempts (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." @@ -934,12 +936,12 @@ msgstr "" "дозволену кількість спроб входу з визначенням помилкового пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "offline_failed_login_delay (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." @@ -949,7 +951,7 @@ msgstr "" "системи." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -961,17 +963,17 @@ msgstr "" "увімкнути можливість автономного розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "Типове значення: 5" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "pam_verbosity (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." @@ -980,43 +982,43 @@ msgstr "" "розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "У поточній версії sssd передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" "<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "Типове значення: 1" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "pam_id_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -1027,7 +1029,7 @@ msgstr "" "що розпізнавання виконується на основі найсвіжіших даних." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -1041,18 +1043,18 @@ msgstr "" "надання даних профілів." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "pam_pwd_expiration_warning (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" "Показати попередження за вказану кількість днів перед завершенням дії пароля." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -1063,22 +1065,133 @@ msgstr "" "попередження." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "Типове значення: 7" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +#, fuzzy +#| msgid "NSS configuration options" +msgid "SUDO configuration options" +msgstr "Параметри налаштування NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +#, fuzzy +#| msgid "These options can be used to configure any service." +msgid "These options can be used to configure the sudo service." +msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +#, fuzzy +#| msgid "enum_cache_timeout (integer)" +msgid "sudo_cache_timeout (integer)" +msgstr "enum_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +#, fuzzy +#| msgid "" +#| "For any PAM request while SSSD is online, the SSSD will attempt to " +#| "immediately update the cached identity information for the user in order " +#| "to ensure that authentication takes place with the latest information." +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" +"Для кожного з запитів PAM під час роботи SSSD система SSSD зробить спробу " +"негайно оновити кешовані дані щодо профілю користувача з метою переконатися, " +"що розпізнавання виконується на основі найсвіжіших даних." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +#, fuzzy +#| msgid "Default: 10" +msgid "Default: 180" +msgstr "Типове значення: 10" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +#, fuzzy +#| msgid "debug_timestamps (bool)" +msgid "sudo_timed (bool)" +msgstr "debug_timestamps (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +#, fuzzy +#| msgid "NSS configuration options" +msgid "AUTOFS configuration options" +msgstr "Параметри налаштування NSS" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +#, fuzzy +#| msgid "These options can be used to configure any service." +msgid "These options can be used to configure the autofs service." +msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб." + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +#, fuzzy +#| msgid "entry_negative_timeout (integer)" +msgid "autofs_negative_timeout (integer)" +msgstr "entry_negative_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +#, fuzzy +#| msgid "" +#| "Specifies for how many seconds nss_sss should cache negative cache hits " +#| "(that is, queries for invalid database entries, like nonexistent ones) " +#| "before asking the back end again." +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" +"Визначає кількість секунд, протягом яких nss_sss має кешувати негативні " +"результати пошуку у кеші (тобто запити щодо некоректних записів у базі " +"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки." + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "РОЗДІЛИ ДОМЕНІВ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "min_id,max_id (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." @@ -1087,7 +1200,7 @@ msgstr "" "відповідає цим обмеженням, його буде проігноровано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -1100,17 +1213,17 @@ msgstr "" "основної групи і належать діапазону, буде виведено у звичайному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." @@ -1119,17 +1232,17 @@ msgstr "" "забезпечення роботи процесу основного модуля, який має відповідати на запити." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "Типове значення: 10" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "enumerate (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" @@ -1138,22 +1251,22 @@ msgstr "" "значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "TRUE = користувачі і групи нумеруються" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "FALSE = не використовувати нумерацію для цього домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "Типове значення: FALSE" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -1168,7 +1281,7 @@ msgstr "" "системи виконанням нумерації." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." @@ -1178,7 +1291,7 @@ msgstr "" "завершено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -1192,12 +1305,12 @@ msgstr "" "відповідного використаного засобу обробки ідентифікаторів (id_provider)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "entry_cache_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" @@ -1206,36 +1319,124 @@ msgstr "" "надсилати повторний запит до сервера" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "Типове значення: 5400" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_user_timeout (integer)" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "Default: entry_cache_timeout" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_group_timeout (integer)" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +#, fuzzy +#| msgid "entry_cache_timeout (integer)" +msgid "entry_cache_service_timeout (integer)" +msgstr "entry_cache_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +#, fuzzy +#| msgid "" +#| "How many seconds should nss_sss consider entries valid before asking the " +#| "backend again" +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" +"Кількість секунд, протягом яких nss_sss вважатиме записи чинними, перш ніж " +"надсилати повторний запит до сервера" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "cache_credentials (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" "Визначає, чи слід також кешувати реєстраційні дані користувача у локальному " "кеші LDB" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" "Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у " "форматі звичайного тексту" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "account_cache_expiration (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1248,47 +1449,47 @@ msgstr "" "offline_credentials_expiration." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "Типове значення: 0 (без обмежень)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "id_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "Модуль надання даних щодо профілів користувачів для цього домену." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "Підтримувані модулі:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "proxy: підтримка застарілого модуля надання даних NSS" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "local: вбудований модуль надання локальних даних SSSD" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "ldap: модуль надання даних LDAP" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "use_fully_qualified_names (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1301,12 +1502,12 @@ msgstr "" "не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "auth_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" @@ -1315,7 +1516,7 @@ msgstr "" "служб розпізнавання:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1327,7 +1528,7 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1339,18 +1540,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." @@ -1359,12 +1560,12 @@ msgstr "" "спосіб встановлено і можлива обробка запитів щодо розпізнавання." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "access_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1375,17 +1576,17 @@ msgstr "" "Вбудованими програмами є:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "<quote>permit</quote> — завжди дозволяти доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "<quote>deny</quote> — завжди забороняти доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1398,17 +1599,17 @@ msgstr "" "refentrytitle> <manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "Типове значення: <quote>permit</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "chpass_provider (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" @@ -1417,7 +1618,7 @@ msgstr "" "підтримку таких систем зміни паролів:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1429,7 +1630,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1441,7 +1642,7 @@ msgstr "" "manvolnum> </citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1453,18 +1654,18 @@ msgstr "" "citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." @@ -1473,12 +1674,122 @@ msgstr "" "цього параметра і якщо система здатна обробляти запити щодо паролів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +#, fuzzy +#| msgid "id_provider (string)" +msgid "sudo_provider (string)" +msgstr "id_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +#, fuzzy +#| msgid "" +#| "The authentication provider used for the domain. Supported auth " +#| "providers are:" +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" +"Служба розпізнавання, яку використано для цього домену. Серед підтримуваних " +"служб розпізнавання:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +#, fuzzy +#| msgid "" +#| "<quote>ldap</quote> to change a password stored in a LDAP server. See " +#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring LDAP." +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" +"<quote>ldap</quote> — змінити пароль, що зберігається на сервері LDAP. " +"Докладніші відомості щодо налаштування LDAP викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +#, fuzzy +#| msgid "<quote>none</quote> disables authentication explicitly." +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "<quote>none</quote> — вимкнути розпізнавання повністю." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +#, fuzzy +#| msgid "" +#| "Default: <quote>id_provider</quote> is used if it is set and can handle " +#| "authentication requests." +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" +"Типове значення: буде використано <quote>id_provider</quote>, якщо цей " +"спосіб встановлено і можлива обробка запитів щодо розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +#, fuzzy +#| msgid "access_provider (string)" +msgid "session_provider (string)" +msgstr "access_provider (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +#, fuzzy +#| msgid "" +#| "The provider which should handle change password operations for the " +#| "domain. Supported change password providers are:" +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" +"Система, яка має обробляти дії зі зміни паролів для домену. Передбачено " +"підтримку таких систем зміни паролів:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +#, fuzzy +#| msgid "" +#| "<quote>ipa</quote> to change a password stored in an IPA server. See " +#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +#| "manvolnum> </citerefentry> for more information on configuring IPA." +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" +"<quote>ipa</quote> — змінити пароль, що зберігається на сервері IPA. " +"Докладніші відомості щодо налаштування IPA викладено у довіднику з " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></" +"manvolnum> </citerefentry>." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +#, fuzzy +#| msgid "<quote>none</quote> disallows password changes explicitly." +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +#, fuzzy +#| msgid "" +#| "Default: <quote>id_provider</quote> is used if it is set and can handle " +#| "authentication requests." +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" +"Типове значення: буде використано <quote>id_provider</quote>, якщо цей " +"спосіб встановлено і можлива обробка запитів щодо розпізнавання." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "lookup_family_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." @@ -1487,48 +1798,48 @@ msgstr "" "під час виконання пошуків у DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "Передбачено підтримку таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" "ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі " "спробувати формат IPv6" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" "ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" "ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі " "спробувати формат IPv4" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" "ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "Типове значення: ipv4_first" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "dns_resolver_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1539,12 +1850,12 @@ msgstr "" "очікування буде перевищено, домен продовжуватиме роботу у автономному режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "dns_discovery_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." @@ -1553,28 +1864,28 @@ msgstr "" "частину запиту визначення служб DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" "Типова поведінка: використовувати назву домену з назви вузла комп’ютера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "override_gid (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "Замірити значення основного GID на вказане." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "case_sensitive (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." @@ -1583,12 +1894,12 @@ msgstr "" "версії підтримку передбачено лише для локальних надавачів даних." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "Типове значення: True" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1599,17 +1910,17 @@ msgstr "" "quote> <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "proxy_pam_target (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "Комп’ютер, для якого виконує проксі-сервер PAM." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." @@ -1618,12 +1929,12 @@ msgstr "" "налаштуваннями pam або створити нові і тут додати назву служби." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "proxy_lib_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1634,7 +1945,7 @@ msgstr "" "наприклад _nss_files_getpwent." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" @@ -1643,12 +1954,12 @@ msgstr "" "\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "Розділ локального домену" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1659,29 +1970,29 @@ msgstr "" "використовує <replaceable>id_provider=local</replaceable>." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "default_shell (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" "Типова оболонка для записів користувачів, створених за допомогою " "інструментів простору користувачів SSSD." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "Типове значення: <filename>/bin/bash</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "base_directory (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." @@ -1690,17 +2001,17 @@ msgstr "" "replaceable> і використовують отриману адресу як адресу домашнього каталогу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "Типове значення: <filename>/home</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "create_homedir (булеве значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." @@ -1709,17 +2020,17 @@ msgstr "" "Може бути перевизначено з командного рядка." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "Типове значення: TRUE" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "remove_homedir (булівське значення)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." @@ -1728,12 +2039,12 @@ msgstr "" "користувачів. Може бути перевизначено з командного рядка." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "homedir_umask (ціле число)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1744,17 +2055,17 @@ msgstr "" "до щойно створеного домашнього каталогу." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "Типове значення: 077" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "skel_dir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1767,17 +2078,17 @@ msgstr "" "<manvolnum>8</manvolnum> </citerefentry>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "Типове значення: <filename>/etc/skel</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "mail_dir (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1788,17 +2099,17 @@ msgstr "" "каталог не вказано, буде використано типове значення." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "Типове значення: <filename>/var/mail</filename>" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "userdel_cmd (рядок)" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1809,18 +2120,18 @@ msgstr "" "вилучається. Код виконання, повернутий програмою не обробляється." #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "Типове значення: None, не виконувати жодних команд" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "ПРИКЛАД" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1874,7 +2185,7 @@ msgstr "" "enumerate = False\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1886,7 +2197,7 @@ msgstr "" "щодо налаштування доменів. <placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -2283,7 +2594,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "Типове значення: gidNumber" @@ -2344,7 +2655,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "Типове значення: nsUniqueId" @@ -2354,7 +2665,7 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "ldap_user_modify_timestamp (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." @@ -2363,7 +2674,7 @@ msgstr "" "об’єкта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "Типове значення: modifyTimestamp" @@ -2678,11 +2989,27 @@ msgstr "Типове значення: krbPrincipalName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 +#, fuzzy +#| msgid "ldap_user_shell (string)" +msgid "ldap_user_ssh_public_key (string)" +msgstr "ldap_user_shell (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:585 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the path to the user's default shell." +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" +"Атрибут LDAP, що містить шлях до типової командної оболонки користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 msgid "ldap_force_upper_case_realm (boolean)" msgstr "ldap_force_upper_case_realm (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:585 +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2696,12 +3023,12 @@ msgstr "" "області у верхньому регістрі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "ldap_enumeration_refresh_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." @@ -2710,17 +3037,17 @@ msgstr "" "очікувати до оновлення свого кешу нумерованих записів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "Типове значення: 300" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "ldap_purge_cache_timeout" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2731,53 +3058,55 @@ msgstr "" "цих записів з метою економії місця." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" "Встановлення нульового значення цього параметра вимкне дію з очищення кешу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "Типове значення: 10800 (12 годин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "ldap_user_fullname (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "Атрибут LDAP, що відповідає повному імені користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "Типове значення: cn" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "ldap_user_member_of (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "Типове значення: memberOf" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "ldap_user_authorized_service (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2788,7 +3117,7 @@ msgstr "" "LDAP для визначення прав доступу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." @@ -2797,17 +3126,17 @@ msgstr "" "(svc) і нарешті загальні дозволи або allow_all (*)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "Типове значення: authorizedService" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "ldap_user_authorized_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2818,7 +3147,7 @@ msgstr "" "доступу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." @@ -2827,82 +3156,82 @@ msgstr "" "(host) і нарешті загальні дозволи або allow_all (*)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "Типове значення: host" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "ldap_group_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "Клас об’єктів запису групи у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "Типове значення: posixGroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "ldap_group_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "Атрибут LDAP, що відповідає назві групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "ldap_group_gid_number (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "Атрибут LDAP, що відповідає ідентифікатору групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "ldap_group_member (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "Атрибут LDAP, у якому містяться імена учасників групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "ldap_group_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "ldap_group_modify_timestamp (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "ldap_group_nesting_level (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2914,148 +3243,266 @@ msgstr "" "параметра буде проігноровано, якщо використано схему RFC2307." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "Типове значення: 2" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "ldap_netgroup_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "Типове значення: nisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "ldap_netgroup_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "ldap_netgroup_member (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" "Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "Типове значення: memberNisNetgroup" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "ldap_netgroup_triple (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" "Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "Цим параметром не можна скористатися у надавачі даних IPA." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "Типове значення: nisNetgroupTriple" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "ldap_netgroup_uuid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "У надавачі даних IPA має бути використано ipa_netgroup_uuid." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "ldap_netgroup_modify_timestamp (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 -msgid "ldap_search_timeout (integer)" -msgstr "ldap_search_timeout (ціле число)" +#: sssd-ldap.5.xml:900 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_service_object_class (string)" +msgstr "ldap_user_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 -msgid "" -"Specifies the timeout (in seconds) that ldap searches are allowed to run " -"before they are cancelled and cached results are returned (and offline mode " -"is entered)" -msgstr "" -"Визначає час очікування на дані (у секундах) для виконання пошуків ldap, " -"перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до " -"автономного режиму роботи)" +#: sssd-ldap.5.xml:903 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of a service entry in LDAP." +msgstr "Клас об’єктів запису користувача у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 -msgid "" -"Note: this option is subject to change in future versions of the SSSD. It " -"will likely be replaced at some point by a series of timeouts for specific " -"lookup types." -msgstr "" -"Зауваження: роботу цього параметра буде змінено у наступних версіях SSSD. " -"Ймовірно, його буде колись замінено на послідовність часів очікування для " -"окремих типів пошуків." +#: sssd-ldap.5.xml:906 +#, fuzzy +#| msgid "Default: authorizedService" +msgid "Default: ipService" +msgstr "Типове значення: authorizedService" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +#, fuzzy +#| msgid "ldap_dns_service_name (string)" +msgid "ldap_service_name (string)" +msgstr "ldap_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 -msgid "Default: 6" -msgstr "Типове значення: 6" +#: sssd-ldap.5.xml:915 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the name of the user's home directory." +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 -msgid "ldap_enumeration_search_timeout (integer)" -msgstr "ldap_enumeration_search_timeout (ціле число)" +#: sssd-ldap.5.xml:925 +#, fuzzy +#| msgid "ldap_tls_cert (string)" +msgid "ldap_service_port (string)" +msgstr "ldap_tls_cert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:928 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the name of the user's home directory." +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +#, fuzzy +#| msgid "Default: ipv4_first" +msgid "Default: ipServicePort" +msgstr "Типове значення: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +#, fuzzy +#| msgid "ldap_tls_cert (string)" +msgid "ldap_service_proto (string)" +msgstr "ldap_tls_cert (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the path to the user's default shell." +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" +"Атрибут LDAP, що містить шлях до типової командної оболонки користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +#, fuzzy +#| msgid "Default: ipv4_first" +msgid "Default: ipServiceProtocol" +msgstr "Типове значення: ipv4_first" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_service_search_base (string)" +msgstr "ldap_user_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +#, fuzzy +#| msgid "An optional base DN to restrict user searches to a specific subtree." +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" +"Додатковий основний DN для обмеження пошуків користувачів певною гілкою " +"ієрархії." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" +"Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про " +"налаштування декількох основ пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 +msgid "ldap_search_timeout (integer)" +msgstr "ldap_search_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:973 +msgid "" +"Specifies the timeout (in seconds) that ldap searches are allowed to run " +"before they are cancelled and cached results are returned (and offline mode " +"is entered)" +msgstr "" +"Визначає час очікування на дані (у секундах) для виконання пошуків ldap, " +"перш ніж пошук буде скасовано з поверненням кешованих даних (і переходом до " +"автономного режиму роботи)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:979 +msgid "" +"Note: this option is subject to change in future versions of the SSSD. It " +"will likely be replaced at some point by a series of timeouts for specific " +"lookup types." +msgstr "" +"Зауваження: роботу цього параметра буде змінено у наступних версіях SSSD. " +"Ймовірно, його буде колись замінено на послідовність часів очікування для " +"окремих типів пошуків." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 +msgid "Default: 6" +msgstr "Типове значення: 6" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:991 +msgid "ldap_enumeration_search_timeout (integer)" +msgstr "ldap_enumeration_search_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -3066,17 +3513,17 @@ msgstr "" "кешованих даних (і переходом до автономного режиму роботи)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "Типове значення: 60" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "ldap_network_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -3093,12 +3540,12 @@ msgstr "" "citerefentry> повертається до стану бездіяльності." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "ldap_opt_timeout (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -3110,12 +3557,12 @@ msgstr "" "випадку прив’язки SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "ldap_connection_expire_timeout (ціле значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -3129,17 +3576,17 @@ msgstr "" "дії TGT)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "Типове значення: 900 (15 хвилин)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "ldap_page_size (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." @@ -3149,17 +3596,45 @@ msgstr "" "один запит." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "Типове значення: 1000" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1082 +msgid "" +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1088 +msgid "" +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 msgid "ldap_deref_threshold (integer)" msgstr "ldap_deref_threshold (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1106 msgid "" "Specify the number of group members that must be missing from the internal " "cache in order to trigger a dereference lookup. If less members are missing, " @@ -3171,7 +3646,7 @@ msgstr "" "виконуватиметься окремо." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1112 msgid "" "You can turn off dereference lookups completely by setting the value to 0." msgstr "" @@ -3179,7 +3654,7 @@ msgstr "" "(розіменуванням), якщо вкажете значення 0." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -3192,7 +3667,7 @@ msgstr "" "OpenLDAP та Active Directory." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -3203,12 +3678,12 @@ msgstr "" "незалежно від використання цього параметра." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "ldap_tls_reqcert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" @@ -3218,7 +3693,7 @@ msgstr "" "таких значень:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." @@ -3227,7 +3702,7 @@ msgstr "" "жодних сертифікатів сервера." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3239,7 +3714,7 @@ msgstr "" "режимі." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -3250,7 +3725,7 @@ msgstr "" "надано помилковий сертифікат, негайно перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -3261,22 +3736,22 @@ msgstr "" "перервати сеанс." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "Типове значення: hard" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "ldap_tls_cacert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." @@ -3285,7 +3760,7 @@ msgstr "" "розпізнаються <command>sssd</command>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" @@ -3294,12 +3769,12 @@ msgstr "" "у <filename>/etc/openldap/ldap.conf</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "ldap_tls_cacertdir (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -3312,38 +3787,38 @@ msgstr "" "<command>cacertdir_rehash</command>, якщо ця програма є доступною." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "ldap_tls_cert (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "Визначає файл, який містить сертифікат для ключа клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "Типове значення: not set" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "ldap_tls_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "Визначає файл, у якому міститься ключ клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "ldap_tls_cipher_suite (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -3355,12 +3830,12 @@ msgstr "" "<manvolnum>5</manvolnum></citerefentry>." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "ldap_id_use_start_tls (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." @@ -3369,12 +3844,12 @@ msgstr "" "class=\"protocol\">tls</systemitem> для захисту каналу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "ldap_sasl_mech (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." @@ -3383,17 +3858,17 @@ msgstr "" "перевірено і підтримується лише механізм GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "Типове значення: none" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "ldap_sasl_authid (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." @@ -3403,17 +3878,17 @@ msgstr "" "використовується для розпізнавання під час доступу до каталогу." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "Типове значення: вузол/комп’ютер.fqdn@ОБЛАСТЬ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "ldap_sasl_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." @@ -3423,34 +3898,34 @@ msgstr "" "SASL." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "Типове значення: false;" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "ldap_krb5_keytab (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5." "keytab</filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "ldap_krb5_init_creds (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -3461,27 +3936,27 @@ msgstr "" "механізм GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "ldap_krb5_ticket_lifetime (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "Типове значення: 86400 (24 години)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "krb5_server (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -3500,7 +3975,7 @@ msgstr "" "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -3512,7 +3987,7 @@ msgstr "" "вдасться знайти." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -3523,29 +3998,29 @@ msgstr "" "варто перейти на використання «krb5_server» у файлах налаштувань." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "krb5_realm (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</" "filename>" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "krb5_canonicalize (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" @@ -3555,12 +4030,12 @@ msgstr "" "версії MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "ldap_pwd_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" @@ -3569,7 +4044,7 @@ msgstr "" "використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." @@ -3578,12 +4053,17 @@ msgstr "" "разі використання цього варіанта перевірку на боці сервера вимкнено не буде." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 +#, fuzzy +#| msgid "" +#| "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" +#| "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes " +#| "to evaluate if the password has expired. Note that the current version " +#| "of sssd cannot update this attribute during a password change." msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" "<emphasis>shadow</emphasis> — використовувати атрибути у форматі " "<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</" @@ -3592,7 +4072,7 @@ msgstr "" "цього атрибута під час зміни пароля." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3603,18 +4083,18 @@ msgstr "" "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "ldap_referrals (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." @@ -3623,28 +4103,28 @@ msgstr "" "з версією OpenLDAP 2.4.13 або новішою версією." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "ldap_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" "Визначає назву служби, яку буде використано у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "Типове значення: ldap" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "ldap_chpass_dns_service_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." @@ -3653,17 +4133,17 @@ msgstr "" "уможливлює зміну паролів, у разі вмикання визначення служб." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "ldap_access_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3679,12 +4159,12 @@ msgstr "" "скористайтеся параметром access_provider = allow" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "Приклад:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3696,7 +4176,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." @@ -3704,7 +4184,7 @@ msgstr "" "У прикладі доступ до вузла обмежено учасниками групи «allowedusers» у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3718,17 +4198,17 @@ msgstr "" "таких прав не було надано, у автономному режимі їх також не буде надано." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "Типове значення: порожній рядок" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "ldap_account_expire_policy (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." @@ -3737,7 +4217,7 @@ msgstr "" "керування доступом на боці клієнта." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3748,12 +4228,12 @@ msgstr "" "з відповідним кодом помилки, навіть якщо вказано правильний пароль." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "Можна використовувати такі значення:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." @@ -3762,7 +4242,7 @@ msgstr "" "визначити, чи завершено строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3775,7 +4255,7 @@ msgstr "" "Також буде перевірено, чи не вичерпано строк дії облікового запису." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3786,7 +4266,7 @@ msgstr "" "ldap_ns_account_lock." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3799,30 +4279,30 @@ msgstr "" "атрибутів, надати доступ." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "ldap_access_order (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" "Список відокремлених комами параметрів керування доступом. Можливі значення " "списку:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" @@ -3830,161 +4310,548 @@ msgstr "" "<emphasis>authorized_service</emphasis>: використовувати для визначення " "можливості доступу атрибут authorizedService" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 -msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1587 +msgid "<emphasis>host</emphasis>: use the host attribute to determine access" +msgstr "" +"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " +"права доступу" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1591 +msgid "Default: filter" +msgstr "Типове значення: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1594 +msgid "" +"Please note that it is a configuration error if a value is used more than " +"once." +msgstr "" +"Зауважте, що програма повідомить про помилку, якщо одне значення було " +"використано декілька разів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1601 +msgid "ldap_deref (string)" +msgstr "ldap_deref (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1604 +msgid "" +"Specifies how alias dereferencing is done when performing a search. The " +"following options are allowed:" +msgstr "" +"Визначає спосіб виконання розіменовування псевдонімів під час виконання " +"пошуку. Можливі такі варіанти:" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1609 +msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." +msgstr "" +"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1613 +msgid "" +"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " +"the base object, but not in locating the base object of the search." +msgstr "" +"<emphasis>searching</emphasis>: розіменування псевдонімів відбувається у " +"межах основного об’єкта, а не на основі визначення місця основного об’єкта " +"пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1618 +msgid "" +"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " +"the base object of the search." +msgstr "" +"<emphasis>finding</emphasis>: розіменування псевдонімів відбувається лише " +"під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1623 +msgid "" +"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " +"in locating the base object of the search." +msgstr "" +"<emphasis>always</emphasis>: розіменування псевдонімів відбувається як під " +"час пошуку, так і під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1628 +msgid "" +"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " +"client libraries)" +msgstr "" +"Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за " +"сценарієм <emphasis>never</emphasis>)" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:51 +msgid "" +"All of the common configuration options that apply to SSSD domains also " +"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " +"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> manual page for full details. <placeholder type=" +"\"variablelist\" id=\"0\"/>" +msgstr "" +"Всі загальні параметри налаштування, які стосуються доменів SSSD, також " +"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " +"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " +"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. " +"<placeholder type=\"variablelist\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1639 +#, fuzzy +#| msgid "OPTIONS" +msgid "SUDO OPTIONS" +msgstr "ПАРАМЕТРИ" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1644 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_sudorule_object_class (string)" +msgstr "ldap_user_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +#, fuzzy +#| msgid "The object class of a user entry in LDAP." +msgid "The object class of a sudo rule entry in LDAP." +msgstr "Клас об’єктів запису користувача у LDAP." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoRole" +msgstr "Типове значення: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_name (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the group name." +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "Атрибут LDAP, що відповідає назві групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +#, fuzzy +#| msgid "ldap_schema (string)" +msgid "ldap_sudorule_command (string)" +msgstr "ldap_schema (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the group name." +msgid "The LDAP attribute that corresponds to the command name." +msgstr "Атрибут LDAP, що відповідає назві групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoCommand" +msgstr "Типове значення: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +#, fuzzy +#| msgid "ldap_user_authorized_host (string)" +msgid "ldap_sudorule_host (string)" +msgstr "ldap_user_authorized_host (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1685 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +#, fuzzy +#| msgid "Default: root" +msgid "Default: sudoHost" +msgstr "Типове значення: root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +#, fuzzy +#| msgid "ldap_user_uid_number (string)" +msgid "ldap_sudorule_user (string)" +msgstr "ldap_user_uid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1699 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the netgroup name." +msgid "" +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" +msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1703 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: sudoUser" +msgstr "Типове значення: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +#, fuzzy +#| msgid "ldap_uri (string)" +msgid "ldap_sudorule_option (string)" +msgstr "ldap_uri (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +#, fuzzy +#| msgid "Default: shadowMin" +msgid "Default: sudoOption" +msgstr "Типове значення: shadowMin" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_runasuser (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: sudoRunAsUser" +msgstr "Типове значення: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_runasgroup (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the group name." +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "Атрибут LDAP, що відповідає назві групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +#, fuzzy +#| msgid "Default: posixGroup" +msgid "Default: sudoRunAsGroup" +msgstr "Типове значення: posixGroup" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +#, fuzzy +#| msgid "ldap_user_uid_number (string)" +msgid "ldap_sudorule_notbefore (string)" +msgstr "ldap_user_uid_number (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +#, fuzzy +#| msgid "Default: uidNumber" +msgid "Default: sudoNotBefore" +msgstr "Типове значення: uidNumber" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_sudorule_notafter (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's primary group id." +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +#, fuzzy +#| msgid "Default: filter" +msgid "Default: sudoNotAfter" +msgstr "Типове значення: filter" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +#, fuzzy +#| msgid "ldap_access_order (string)" +msgid "ldap_sudorule_order (string)" +msgstr "ldap_access_order (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +#, fuzzy +#| msgid "The LDAP attribute that corresponds to the user's id." +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +#, fuzzy +#| msgid "Default: password" +msgid "Default: sudoOrder" +msgstr "Типове значення: password" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +#, fuzzy +#| msgid "ldap_referrals (boolean)" +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "ldap_referrals (булеве значення)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +#, fuzzy +#| msgid "ldap_enumeration_refresh_timeout (integer)" +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "ldap_enumeration_refresh_timeout (ціле число)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains how many seconds SSSD has to wait before " +#| "refreshing its cache of enumerated records." +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" +"Атрибут LDAP, що містить дані щодо кількості секунд, протягом яких SSSD має " +"очікувати до оновлення свого кешу нумерованих записів." + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +#, fuzzy +#| msgid "<placeholder type=\"programlisting\" id=\"0\"/>" +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +#, fuzzy +#| msgid "" +#| "Specifies acceptable cipher suites. Typically this is a colon sperated " +#| "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +#| "<manvolnum>5</manvolnum></citerefentry> for format." +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" msgstr "" -"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити " -"права доступу" +"Визначає прийнятні комплекти програм для шифрування. Записи у типовому " +"списку слід відокремлювати комами. З форматом можна ознайомитися на сторінці " +"довідника до <citerefentry><refentrytitle>ldap.conf</refentrytitle> " +"<manvolnum>5</manvolnum></citerefentry>." -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 -msgid "Default: filter" -msgstr "Типове значення: filter" +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +#, fuzzy +#| msgid "OPTIONS" +msgid "AUTOFS OPTIONS" +msgstr "ПАРАМЕТРИ" -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 msgid "" -"Please note that it is a configuration error if a value is used more than " -"once." +"Please note that the default values correspond to the default schema which " +"is RFC2307." msgstr "" -"Зауважте, що програма повідомить про помилку, якщо одне значення було " -"використано декілька разів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 -msgid "ldap_deref (string)" -msgstr "ldap_deref (рядок)" +#: sssd-ldap.5.xml:1834 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_autofs_map_object_class (string)" +msgstr "ldap_user_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 -msgid "" -"Specifies how alias dereferencing is done when performing a search. The " -"following options are allowed:" -msgstr "" -"Визначає спосіб виконання розіменовування псевдонімів під час виконання " -"пошуку. Можливі такі варіанти:" +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +#, fuzzy +#| msgid "The object class of a group entry in LDAP." +msgid "The object class of an automount map entry in LDAP." +msgstr "Клас об’єктів запису групи у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 -msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." -msgstr "" -"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів." +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +#, fuzzy +#| msgid "Default: root" +msgid "Default: automountMap" +msgstr "Типове значення: root" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_autofs_map_name (string)" +msgstr "ldap_user_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 -msgid "" -"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " -"the base object, but not in locating the base object of the search." -msgstr "" -"<emphasis>searching</emphasis>: розіменування псевдонімів відбувається у " -"межах основного об’єкта, а не на основі визначення місця основного об’єкта " -"пошуку." +#: sssd-ldap.5.xml:1850 +#, fuzzy +#| msgid "The object class of a group entry in LDAP." +msgid "The name of an automount map entry in LDAP." +msgstr "Клас об’єктів запису групи у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 -msgid "" -"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " -"the base object of the search." -msgstr "" -"<emphasis>finding</emphasis>: розіменування псевдонімів відбувається лише " -"під час визначення місця основного об’єкта пошуку." +#: sssd-ldap.5.xml:1853 +#, fuzzy +#| msgid "Default: uid" +msgid "Default: ou" +msgstr "Типове значення: uid" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ldap_autofs_entry_object_class (string)" +msgstr "ldap_user_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +#, fuzzy +#| msgid "ldap_tls_key (string)" +msgid "ldap_autofs_entry_key (string)" +msgstr "ldap_tls_key (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 msgid "" -"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " -"in locating the base object of the search." +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." msgstr "" -"<emphasis>always</emphasis>: розіменування псевдонімів відбувається як під " -"час пошуку, так і під час визначення місця основного об’єкта пошуку." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ldap_autofs_entry_value (string)" +msgstr "ldap_user_name (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 -msgid "" -"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " -"client libraries)" -msgstr "" -"Типове значення: не встановлено (обробка бібліотеками LDAP клієнта за " -"сценарієм <emphasis>never</emphasis>)" +#: sssd-ldap.5.xml:1895 +#, fuzzy +#| msgid "Default: shadowInactive" +msgid "Default: automountInformation" +msgstr "Типове значення: shadowInactive" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:51 +#: sssd-ldap.5.xml:1832 msgid "" -"All of the common configuration options that apply to SSSD domains also " -"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section " -"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</" -"manvolnum> </citerefentry> manual page for full details. <placeholder type=" -"\"variablelist\" id=\"0\"/>" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" msgstr "" -"Всі загальні параметри налаштування, які стосуються доменів SSSD, також " -"стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки " -"підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> " -"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. " -"<placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 +#: sssd-ldap.5.xml:1904 msgid "ADVANCED OPTIONS" msgstr "ДОДАТКОВІ ПАРАМЕТРИ" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 +#: sssd-ldap.5.xml:1911 msgid "ldap_netgroup_search_base (string)" msgstr "ldap_netgroup_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1914 msgid "" "An optional base DN to restrict netgroup searches to a specific subtree." msgstr "" "Додатковий основний DN для обмеження пошуків мережевої групи певною гілкою " "ієрархії." -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 -msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." -msgstr "" -"Ознайомтеся з розділом щодо «ldap_search_base», щоб дізнатися більше про " -"налаштування декількох основ пошуку." - -#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" -msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>" - #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "ldap_user_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" "Додатковий основний DN для обмеження пошуків користувачів певною гілкою " "ієрархії." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "ldap_group_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" "Додатковий основний DN для обмеження пошуків групи певною гілкою ієрархії." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "ldap_user_search_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." @@ -3993,7 +4860,7 @@ msgstr "" "фільтрування LDAP, яким буде обмежено пошук користувачів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." @@ -4002,7 +4869,7 @@ msgstr "" "використовувати синтаксичні конструкції з ldap_user_search_base." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -4012,7 +4879,7 @@ msgstr "" " " #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." @@ -4021,12 +4888,12 @@ msgstr "" "яких встановлено командну оболонку /bin/tcsh." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "ldap_group_search_filter (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." @@ -4035,7 +4902,7 @@ msgstr "" "фільтрування LDAP, яким буде обмежено пошук груп." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." @@ -4043,8 +4910,42 @@ msgstr "" "Цей параметр вважається <emphasis>застарілим</emphasis>. Варто " "використовувати синтаксичні конструкції з ldap_group_search_base." +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +#, fuzzy +#| msgid "ldap_search_base (string)" +msgid "ldap_sudo_search_base (string)" +msgstr "ldap_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +#, fuzzy +#| msgid "An optional base DN to restrict user searches to a specific subtree." +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" +"Додатковий основний DN для обмеження пошуків користувачів певною гілкою " +"ієрархії." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +#, fuzzy +#| msgid "ldap_user_search_base (string)" +msgid "ldap_autofs_search_base (string)" +msgstr "ldap_user_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +#, fuzzy +#| msgid "An optional base DN to restrict user searches to a specific subtree." +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" +"Додатковий основний DN для обмеження пошуків користувачів певною гілкою " +"ієрархії." + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -4055,7 +4956,7 @@ msgstr "" "відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -4066,7 +4967,7 @@ msgstr "" "</replaceable>." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -4088,18 +4989,18 @@ msgstr "" " enumerate = true\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "<placeholder type=\"programlisting\" id=\"0\"/>" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "ЗАУВАЖЕННЯ" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -4112,7 +5013,7 @@ msgstr "" "2.4." #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -4721,13 +5622,20 @@ msgstr "" "оновлювати на сервері DNS, вбудованому до FreeIPA версії 2, IP-адресу цього " "клієнтського комп’ютера." +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "ipa_dyndns_iface (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." @@ -4737,34 +5645,76 @@ msgstr "" "оновлень DNS." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "Типове значення: використовувати IP-адресу з’єднання LDAP IPA" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "ipa_hbac_search_base (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" "Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " "HBAC об’єктів." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "Типове значення: використання базової назви домену" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_host_search_base (string)" +msgstr "ipa_hbac_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +#, fuzzy +#| msgid "" +#| "Optional. Use the given string as search base for HBAC related objects." +msgid "Optional. Use the given string as search base for host objects." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " +"HBAC об’єктів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +#, fuzzy +#| msgid "ipa_hbac_search_base (string)" +msgid "ipa_selinux_search_base (string)" +msgstr "ipa_hbac_search_base (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +#, fuzzy +#| msgid "" +#| "Optional. Use the given string as search base for HBAC related objects." +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" +"Необов’язковий. Використати вказаний рядок як основу пошуку пов’язаних з " +"HBAC об’єктів." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "krb5_validate (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." @@ -4772,7 +5722,7 @@ msgstr "" "Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." @@ -4781,7 +5731,7 @@ msgstr "" "модуля Kerberos." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." @@ -4790,7 +5740,7 @@ msgstr "" "«ipa_domain»." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." @@ -4799,7 +5749,7 @@ msgstr "" "перетворено у основний DN для виконання дій LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -4810,12 +5760,12 @@ msgstr "" "запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "ipa_hbac_refresh (ціле число)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -4826,17 +5776,17 @@ msgstr "" "короткого періоду часу надходить багато запитів щодо керування доступом." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "Типове значення: 5 (секунд)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "ipa_hbac_treat_deny_as (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -4850,7 +5800,7 @@ msgstr "" "періоду передбачено два режими обробки таких правил:" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." @@ -4859,7 +5809,7 @@ msgstr "" "DENY, всім користувачам доступ буде заборонено." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." @@ -4869,17 +5819,17 @@ msgstr "" "небажаним користувачам." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "Типове значення: DENY_ALL" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "ipa_hbac_support_srchost (булеве значення)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." @@ -4887,23 +5837,30 @@ msgstr "" "Якщо встановлено значення «false», значення srchost, вказане SSSD на основі " "даних PAM, буде проігноровано." +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "ipa_netgroup_member_of (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "Атрибут LDAP зі списком учасників мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "ipa_netgroup_member_user (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." @@ -4912,17 +5869,17 @@ msgstr "" "учасниками мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "Типове значення: memberUser" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "ipa_netgroup_member_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." @@ -4931,17 +5888,17 @@ msgstr "" "учасниками мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "Типове значення: memberHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "ipa_netgroup_member_ext_host (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." @@ -4950,58 +5907,268 @@ msgstr "" "мережевої групи." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "Типове значення: externalHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "ipa_netgroup_domain (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" "Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи (netgroup)." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "Типове значення: nisDomainName" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "ipa_host_object_class (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "Клас об’єктів запису вузла у LDAP." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "Типове значення: ipaHost" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "ipa_host_fqdn (рядок)" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "Атрибут LDAP, що містить FQDN вузла." #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "Типове значення: fqdn" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +#, fuzzy +#| msgid "ldap_user_object_class (string)" +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "ldap_user_object_class (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ipa_selinux_usermap_name (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +#, fuzzy +#| msgid "The LDAP attribute that contains the names of the group's members." +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "Атрибут LDAP, у якому містяться імена учасників групи." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +#, fuzzy +#| msgid "ipa_netgroup_member_user (string)" +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "ipa_netgroup_member_user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +#, fuzzy +#| msgid "The LDAP attribute that contains FQDN of the host." +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "Атрибут LDAP, що містить FQDN вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +#, fuzzy +#| msgid "ipa_netgroup_member_host (string)" +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "ipa_netgroup_member_host (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the (host, user, domain) netgroup " +#| "triples." +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" +"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +#, fuzzy +#| msgid "ipa_netgroup_member_of (string)" +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "ipa_netgroup_member_of (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the names of the netgroup's members." +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" +"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +#, fuzzy +#| msgid "Default: false" +msgid "Default: seeAlso" +msgstr "Типове значення: false" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +#, fuzzy +#| msgid "ipa_netgroup_member_user (string)" +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "ipa_netgroup_member_user (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +#, fuzzy +#| msgid "The LDAP attribute that contains FQDN of the host." +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "Атрибут LDAP, що містить FQDN вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +#, fuzzy +#| msgid "Default: ipaHost" +msgid "Default: ipaSELinuxUser" +msgstr "Типове значення: ipaHost" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +#, fuzzy +#| msgid "ldap_user_name (string)" +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "ldap_user_name (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +#, fuzzy +#| msgid "" +#| "The LDAP attribute that contains the path to the user's default shell." +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" +"Атрибут LDAP, що містить шлях до типової командної оболонки користувача." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +#, fuzzy +#| msgid "Default: loginDisabled" +msgid "Default: ipaEnabledFlag" +msgstr "Типове значення: loginDisabled" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +#, fuzzy +#| msgid "ldap_user_search_filter (string)" +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "ldap_user_search_filter (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +#, fuzzy +#| msgid "The LDAP attribute that contains FQDN of the host." +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "Атрибут LDAP, що містить FQDN вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +#, fuzzy +#| msgid "Default: homeDirectory" +msgid "Default: userCategory" +msgstr "Типове значення: homeDirectory" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +#, fuzzy +#| msgid "ldap_user_home_directory (string)" +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "ldap_user_home_directory (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +#, fuzzy +#| msgid "The LDAP attribute that contains FQDN of the host." +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "Атрибут LDAP, що містить FQDN вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +#, fuzzy +#| msgid "Default: host" +msgid "Default: hostCategory" +msgstr "Типове значення: host" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +#, fuzzy +#| msgid "ldap_user_uuid (string)" +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "ldap_user_uuid (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +#, fuzzy +#| msgid "The LDAP attribute that contains FQDN of the host." +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "Атрибут LDAP, що містить FQDN вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +#, fuzzy +#| msgid "Default: nsUniqueId" +msgid "Default: ipaUniqueID" +msgstr "Типове значення: nsUniqueId" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +#, fuzzy +#| msgid "ipa_hostname (string)" +msgid "ipa_host_ssh_public_key (string)" +msgstr "ipa_hostname (рядок)" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +#, fuzzy +#| msgid "The LDAP attribute that contains FQDN of the host." +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "Атрибут LDAP, що містить FQDN вузла." + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +#, fuzzy +#| msgid "Default: ipaHost" +msgid "Default: ipaSshPubKey" +msgstr "Типове значення: ipaHost" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -5013,7 +6180,7 @@ msgstr "" "ipa." #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -5027,7 +6194,7 @@ msgstr "" " ipa_hostname = myhost.example.com\n" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" @@ -6768,3 +7935,6 @@ msgstr "<option>-h</option>,<option>--help</option>" #: include/param_help.xml:7 msgid "Display help message and exit." msgstr "Показати довідкове повідомлення і завершити роботу." + +#~ msgid "Supported services: nss, pam" +#~ msgstr "Підтримувані служби: nss, pam" diff --git a/src/man/po/ur.po b/src/man/po/ur.po index 7856c5c2b..901dc7f69 100644 --- a/src/man/po/ur.po +++ b/src/man/po/ur.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Urdu <trans-urdu@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/vi.po b/src/man/po/vi.po index 444292fd3..f45f02c8a 100644 --- a/src/man/po/vi.po +++ b/src/man/po/vi.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po index fb00d55fc..8cb5db601 100644 --- a/src/man/po/zh_CN.po +++ b/src/man/po/zh_CN.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/" @@ -106,9 +106,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -215,7 +215,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -244,33 +244,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -279,19 +280,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -299,7 +300,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -307,19 +308,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -327,17 +328,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -346,7 +347,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -354,40 +355,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -405,12 +406,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -419,60 +420,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -481,45 +483,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -527,7 +529,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -537,7 +539,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -546,17 +548,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -564,17 +566,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -583,78 +585,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -662,138 +664,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -801,59 +803,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -861,7 +863,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -870,17 +872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -888,29 +890,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -919,56 +1000,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -978,14 +1059,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -994,44 +1075,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1040,47 +1175,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1089,19 +1224,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1109,7 +1244,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1117,30 +1252,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1148,17 +1283,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1167,24 +1302,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1192,7 +1327,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1200,7 +1335,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1208,72 +1343,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1281,51 +1476,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1333,29 +1528,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1363,19 +1558,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1383,73 +1578,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1457,17 +1652,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1476,17 +1671,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1494,17 +1689,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1512,18 +1707,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1553,7 +1748,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1562,7 +1757,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1883,7 +2078,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1943,7 +2138,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1953,14 +2148,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2229,11 +2424,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2242,29 +2447,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2272,52 +2477,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2325,24 +2532,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2350,89 +2557,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2440,114 +2647,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2555,7 +2846,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2563,17 +2854,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2581,17 +2872,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2602,12 +2893,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2615,12 +2906,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2629,48 +2920,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2679,7 +2998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2687,26 +3006,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2714,7 +3033,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2722,7 +3041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2730,41 +3049,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2773,38 +3092,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2812,90 +3131,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2903,27 +3222,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2935,7 +3254,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2943,7 +3262,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2951,62 +3270,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3014,61 +3332,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3078,12 +3396,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3092,14 +3410,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3108,24 +3426,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3133,19 +3451,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3154,7 +3472,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3162,7 +3480,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3171,89 +3489,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3270,74 +3588,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3345,33 +3943,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3379,7 +3999,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3387,7 +4007,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3401,18 +4021,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3421,7 +4041,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3875,73 +4495,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3949,12 +4604,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3962,17 +4617,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3981,144 +4636,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4126,7 +4935,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4136,7 +4945,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" diff --git a/src/man/po/zh_TW.po b/src/man/po/zh_TW.po index df118b641..5ad911ca9 100644 --- a/src/man/po/zh_TW.po +++ b/src/man/po/zh_TW.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: SSSD\n" "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n" -"POT-Creation-Date: 2011-12-22 13:37-0500\n" +"POT-Creation-Date: 2012-02-06 19:00-0500\n" "PO-Revision-Date: 2010-12-23 15:35+0000\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: Chinese (Taiwan) <trans-zh_TW@lists.fedoraproject.org>\n" @@ -105,9 +105,9 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 +#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1331 sssd-ldap.5.xml:2096 #: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 -#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 +#: sssd-ipa.5.xml:550 sssd.8.xml:191 sss_obfuscate.8.xml:103 #: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 #: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 #: sss_usermod.8.xml:138 @@ -214,7 +214,7 @@ msgid "The [sssd] section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title> -#: sssd.conf.5.xml:70 sssd.conf.5.xml:992 +#: sssd.conf.5.xml:70 sssd.conf.5.xml:1177 msgid "Section parameters" msgstr "" @@ -243,33 +243,34 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> #: sssd.conf.5.xml:88 -msgid "Supported services: nss, pam" +msgid "" +"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:93 sssd.conf.5.xml:256 +#: sssd.conf.5.xml:94 sssd.conf.5.xml:257 msgid "reconnection_retries (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:96 sssd.conf.5.xml:259 +#: sssd.conf.5.xml:97 sssd.conf.5.xml:260 msgid "" "Number of times services should attempt to reconnect in the event of a Data " "Provider crash or restart before they give up" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:101 sssd.conf.5.xml:264 +#: sssd.conf.5.xml:102 sssd.conf.5.xml:265 msgid "Default: 3" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:106 +#: sssd.conf.5.xml:107 msgid "domains" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:109 +#: sssd.conf.5.xml:110 msgid "" "A domain is a database containing user information. SSSD can use more " "domains at the same time, but at least one must be configured or SSSD won't " @@ -278,19 +279,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:119 +#: sssd.conf.5.xml:120 msgid "re_expression (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:122 +#: sssd.conf.5.xml:123 msgid "" "Regular expression that describes how to parse the string containing user " "name and domain into these components." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:126 +#: sssd.conf.5.xml:127 msgid "" "Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> " "which translates to \"the name is everything up to the <quote>@</quote> " @@ -298,7 +299,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:131 +#: sssd.conf.5.xml:132 msgid "" "PLEASE NOTE: the support for non-unique named subpatterns is not available " "on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre " @@ -306,19 +307,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:138 +#: sssd.conf.5.xml:139 msgid "" "PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?" "P<name>) to label subpatterns." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:145 +#: sssd.conf.5.xml:146 msgid "full_name_format (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:148 +#: sssd.conf.5.xml:149 msgid "" "A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</" "manvolnum> </citerefentry>-compatible format that describes how to translate " @@ -326,17 +327,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:156 +#: sssd.conf.5.xml:157 msgid "Default: <quote>%1$s@%2$s</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:161 +#: sssd.conf.5.xml:162 msgid "try_inotify (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:164 +#: sssd.conf.5.xml:165 msgid "" "SSSD monitors the state of resolv.conf to identify when it needs to update " "its internal DNS resolver. By default, we will attempt to use inotify for " @@ -345,7 +346,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:172 +#: sssd.conf.5.xml:173 msgid "" "There are some limited situations where it is preferred that we should skip " "even trying to use inotify. In these rare cases, this option should be set " @@ -353,40 +354,40 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:178 +#: sssd.conf.5.xml:179 msgid "" "Default: true on platforms where inotify is supported. False on other " "platforms." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:182 +#: sssd.conf.5.xml:183 msgid "" "Note: this option will have no effect on platforms where inotify is " "unavailable. On these platforms, polling will always be used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:189 +#: sssd.conf.5.xml:190 msgid "krb5_rcache_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:192 +#: sssd.conf.5.xml:193 msgid "" "Directory on the filesystem where SSSD should store Kerberos replay cache " "files." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:196 +#: sssd.conf.5.xml:197 msgid "" "This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct " "SSSD to let libkrb5 decide the appropriate location for the replay cache." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:202 +#: sssd.conf.5.xml:203 msgid "" "Default: Distribution-specific and specified at build-time. " "(__LIBKRB5_DEFAULTS__ if not configured)" @@ -404,12 +405,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:215 +#: sssd.conf.5.xml:216 msgid "SERVICES SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:217 +#: sssd.conf.5.xml:218 msgid "" "Settings that can be used to configure different services are described in " "this section. They should reside in the [<replaceable>$NAME</replaceable>] " @@ -418,60 +419,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:224 +#: sssd.conf.5.xml:225 msgid "General service configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:226 +#: sssd.conf.5.xml:227 msgid "These options can be used to configure any service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:230 +#: sssd.conf.5.xml:231 msgid "debug_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:234 +#: sssd.conf.5.xml:235 msgid "debug_timestamps (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:237 +#: sssd.conf.5.xml:238 msgid "Add a timestamp to the debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 -#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193 +#: sssd.conf.5.xml:241 sssd.conf.5.xml:376 sssd-ldap.5.xml:1328 +#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241 msgid "Default: true" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:245 +#: sssd.conf.5.xml:246 msgid "debug_microseconds (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:248 +#: sssd.conf.5.xml:249 msgid "Add microseconds to the timestamp in debug messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 -#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 -#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 +#: sssd.conf.5.xml:252 sssd.conf.5.xml:641 sssd-ldap.5.xml:602 +#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 +#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 +#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418 msgid "Default: false" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:269 +#: sssd.conf.5.xml:270 msgid "command (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:272 +#: sssd.conf.5.xml:273 msgid "" "By default, the executable representing this service is called <command>sssd_" "${service_name}</command>. This directive allows to change the executable " @@ -480,45 +482,45 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:280 +#: sssd.conf.5.xml:281 msgid "Default: <command>sssd_${service_name}</command>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:288 +#: sssd.conf.5.xml:289 msgid "NSS configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:290 +#: sssd.conf.5.xml:291 msgid "" "These options can be used to configure the Name Service Switch (NSS) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:295 +#: sssd.conf.5.xml:296 msgid "enum_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:298 +#: sssd.conf.5.xml:299 msgid "" "How many seconds should nss_sss cache enumerations (requests for info about " "all users)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:302 +#: sssd.conf.5.xml:303 msgid "Default: 120" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:307 +#: sssd.conf.5.xml:308 msgid "entry_cache_nowait_percentage (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:310 +#: sssd.conf.5.xml:311 msgid "" "The entry cache can be set to automatically update entries in the background " "if they are requested beyond a percentage of the entry_cache_timeout value " @@ -526,7 +528,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:316 +#: sssd.conf.5.xml:317 msgid "" "For example, if the domain's entry_cache_timeout is set to 30s and " "entry_cache_nowait_percentage is set to 50 (percent), entries that come in " @@ -536,7 +538,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:326 +#: sssd.conf.5.xml:327 msgid "" "Valid values for this option are 0-99 and represent a percentage of the " "entry_cache_timeout for each domain. For performance reasons, this " @@ -545,17 +547,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:334 +#: sssd.conf.5.xml:335 msgid "Default: 50" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:339 +#: sssd.conf.5.xml:340 msgid "entry_negative_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:342 +#: sssd.conf.5.xml:343 msgid "" "Specifies for how many seconds nss_sss should cache negative cache hits " "(that is, queries for invalid database entries, like nonexistent ones) " @@ -563,17 +565,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:348 sssd-krb5.5.xml:223 +#: sssd.conf.5.xml:349 sssd.conf.5.xml:669 sssd-krb5.5.xml:223 msgid "Default: 15" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:353 +#: sssd.conf.5.xml:354 msgid "filter_users, filter_groups (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:356 +#: sssd.conf.5.xml:357 msgid "" "Exclude certain users from being fetched from the sss NSS database. This is " "particularly useful for system accounts. This option can also be set per-" @@ -582,78 +584,78 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:363 +#: sssd.conf.5.xml:364 msgid "Default: root" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:368 +#: sssd.conf.5.xml:369 msgid "filter_users_in_groups (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:371 +#: sssd.conf.5.xml:372 msgid "" "If you want filtered user still be group members set this option to false." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:380 +#: sssd.conf.5.xml:381 msgid "override_homedir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:389 sssd-krb5.5.xml:166 +#: sssd.conf.5.xml:390 sssd-krb5.5.xml:166 msgid "%u" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:390 sssd-krb5.5.xml:167 +#: sssd.conf.5.xml:391 sssd-krb5.5.xml:167 msgid "login name" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:393 sssd-krb5.5.xml:170 +#: sssd.conf.5.xml:394 sssd-krb5.5.xml:170 msgid "%U" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:394 +#: sssd.conf.5.xml:395 msgid "UID number" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:397 sssd-krb5.5.xml:188 +#: sssd.conf.5.xml:398 sssd-krb5.5.xml:188 msgid "%d" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:398 +#: sssd.conf.5.xml:399 msgid "domain name" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:401 +#: sssd.conf.5.xml:402 msgid "%f" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:402 +#: sssd.conf.5.xml:403 msgid "fully qualified user name (user@domain)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:405 sssd-krb5.5.xml:200 +#: sssd.conf.5.xml:406 sssd-krb5.5.xml:200 msgid "%%" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:406 sssd-krb5.5.xml:201 +#: sssd.conf.5.xml:407 sssd-krb5.5.xml:201 msgid "a literal '%'" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:383 +#: sssd.conf.5.xml:384 msgid "" "Override the user's home directory. You can either provide an absolute value " "or a template. In the template, the following sequences are substituted: " @@ -661,138 +663,138 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:412 +#: sssd.conf.5.xml:413 msgid "This option can also be set per-domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:417 +#: sssd.conf.5.xml:418 msgid "allowed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:420 +#: sssd.conf.5.xml:421 msgid "" "Restrict user shell to one of the listed values. The order of evaluation is:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:423 +#: sssd.conf.5.xml:424 msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:427 +#: sssd.conf.5.xml:428 msgid "" "2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</" "quote>, use the value of the shell_fallback parameter." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:432 +#: sssd.conf.5.xml:433 msgid "" "3. If the shell is not in the allowed_shells list and not in <quote>/etc/" "shells</quote>, a nologin shell is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:437 +#: sssd.conf.5.xml:438 msgid "An empty string for shell is passed as-is to libc." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:440 +#: sssd.conf.5.xml:441 msgid "" "The <quote>/etc/shells</quote> is only read on SSSD start up, which means " "that a restart of the SSSD is required in case a new shell is installed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:444 +#: sssd.conf.5.xml:445 msgid "Default: Not set. The user shell is automatically used." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:449 +#: sssd.conf.5.xml:450 msgid "vetoed_shells (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:452 +#: sssd.conf.5.xml:453 msgid "Replace any instance of these shells with the shell_fallback" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:457 +#: sssd.conf.5.xml:458 msgid "shell_fallback (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:460 +#: sssd.conf.5.xml:461 msgid "" "The default shell to use if an allowed shell is not installed on the machine." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:464 +#: sssd.conf.5.xml:465 msgid "Default: /bin/sh" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:471 +#: sssd.conf.5.xml:472 msgid "PAM configuration options" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:473 +#: sssd.conf.5.xml:474 msgid "" "These options can be used to configure the Pluggable Authentication Module " "(PAM) service." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:478 +#: sssd.conf.5.xml:479 msgid "offline_credentials_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:481 +#: sssd.conf.5.xml:482 msgid "" "If the authentication provider is offline, how long should we allow cached " "logins (in days since the last successful online login)." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:486 sssd.conf.5.xml:499 +#: sssd.conf.5.xml:487 sssd.conf.5.xml:500 msgid "Default: 0 (No limit)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:492 +#: sssd.conf.5.xml:493 msgid "offline_failed_login_attempts (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:495 +#: sssd.conf.5.xml:496 msgid "" "If the authentication provider is offline, how many failed login attempts " "are allowed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:505 +#: sssd.conf.5.xml:506 msgid "offline_failed_login_delay (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:508 +#: sssd.conf.5.xml:509 msgid "" "The time in minutes which has to pass after offline_failed_login_attempts " "has been reached before a new login attempt is possible." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:513 +#: sssd.conf.5.xml:514 msgid "" "If set to 0 the user cannot authenticate offline if " "offline_failed_login_attempts has been reached. Only a successful online " @@ -800,59 +802,59 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:519 sssd.conf.5.xml:572 sssd.conf.5.xml:908 +#: sssd.conf.5.xml:520 sssd.conf.5.xml:573 sssd.conf.5.xml:1093 msgid "Default: 5" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:525 +#: sssd.conf.5.xml:526 msgid "pam_verbosity (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:528 +#: sssd.conf.5.xml:529 msgid "" "Controls what kind of messages are shown to the user during authentication. " "The higher the number to more messages are displayed." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:533 +#: sssd.conf.5.xml:534 msgid "Currently sssd supports the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:536 +#: sssd.conf.5.xml:537 msgid "<emphasis>0</emphasis>: do not show any message" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:539 +#: sssd.conf.5.xml:540 msgid "<emphasis>1</emphasis>: show only important messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:543 +#: sssd.conf.5.xml:544 msgid "<emphasis>2</emphasis>: show informational messages" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:546 +#: sssd.conf.5.xml:547 msgid "<emphasis>3</emphasis>: show all messages and debug information" msgstr "" #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:550 sssd.8.xml:63 +#: sssd.conf.5.xml:551 sssd.8.xml:63 msgid "Default: 1" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:555 +#: sssd.conf.5.xml:556 msgid "pam_id_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:558 +#: sssd.conf.5.xml:559 msgid "" "For any PAM request while SSSD is online, the SSSD will attempt to " "immediately update the cached identity information for the user in order to " @@ -860,7 +862,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:564 +#: sssd.conf.5.xml:565 msgid "" "A complete PAM conversation may perform multiple PAM requests, such as " "account management and session opening. This option controls (on a per-" @@ -869,17 +871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:578 +#: sssd.conf.5.xml:579 msgid "pam_pwd_expiration_warning (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:581 +#: sssd.conf.5.xml:582 msgid "Display a warning N days before the password expires." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:584 +#: sssd.conf.5.xml:585 msgid "" "Please note that the backend server has to provide information about the " "expiration time of the password. If this information is missing, sssd " @@ -887,29 +889,108 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:590 +#: sssd.conf.5.xml:591 msgid "Default: 7" msgstr "" -#. type: Content of: <reference><refentry><refsect1><title> +#. type: Content of: <reference><refentry><refsect1><refsect2><title> #: sssd.conf.5.xml:599 +msgid "SUDO configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:601 +msgid "These options can be used to configure the sudo service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:608 +msgid "sudo_cache_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:611 +msgid "" +"For any sudo request that comes while SSSD is online, the SSSD will attempt " +"to update the cached rules in order to ensure that sudo has the latest " +"ruleset." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:617 +msgid "" +"The user may, however, run a couple of sudo commands successively, which " +"would trigger multiple LDAP requests. In order to speed up this use-case, " +"the sudo service maintains an in-memory cache that would be used for " +"performing fast replies." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:624 +msgid "" +"This option controls how long (in seconds) can the sudo service cache rules " +"for a user." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:628 +msgid "Default: 180" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:633 +msgid "sudo_timed (bool)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:636 +msgid "" +"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes " +"that implement time-dependent sudoers entries." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><title> +#: sssd.conf.5.xml:649 +msgid "AUTOFS configuration options" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><para> +#: sssd.conf.5.xml:651 +msgid "These options can be used to configure the autofs service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> +#: sssd.conf.5.xml:659 +msgid "autofs_negative_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:662 +msgid "" +"Specifies for how many seconds should the autofs respondercache negative " +"cache hits (that is, queries for invalid map entries, like nonexistent ones) " +"before asking the back end again." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd.conf.5.xml:679 msgid "DOMAIN SECTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:606 +#: sssd.conf.5.xml:686 msgid "min_id,max_id (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:609 +#: sssd.conf.5.xml:689 msgid "" "UID and GID limits for the domain. If a domain contains an entry that is " "outside these limits, it is ignored." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:614 +#: sssd.conf.5.xml:694 msgid "" "For users, this affects the primary GID limit. The user will not be returned " "to NSS if either the UID or the primary GID is outside the range. For non-" @@ -918,56 +999,56 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:621 +#: sssd.conf.5.xml:701 msgid "Default: 1 for min_id, 0 (no limit) for max_id" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:627 +#: sssd.conf.5.xml:707 msgid "timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:630 +#: sssd.conf.5.xml:710 msgid "" "Timeout in seconds between heartbeats for this domain. This is used to " "ensure that the backend process is alive and capable of answering requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027 +#: sssd.conf.5.xml:715 sssd-ldap.5.xml:1131 msgid "Default: 10" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:641 +#: sssd.conf.5.xml:721 msgid "enumerate (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:644 +#: sssd.conf.5.xml:724 msgid "" "Determines if a domain can be enumerated. This parameter can have one of the " "following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:648 +#: sssd.conf.5.xml:728 msgid "TRUE = Users and groups are enumerated" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:651 +#: sssd.conf.5.xml:731 msgid "FALSE = No enumerations for this domain" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:654 sssd.conf.5.xml:706 sssd.conf.5.xml:760 +#: sssd.conf.5.xml:734 sssd.conf.5.xml:839 sssd.conf.5.xml:893 msgid "Default: FALSE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:657 +#: sssd.conf.5.xml:737 msgid "" "Note: Enabling enumeration has a moderate performance impact on SSSD while " "enumeration is running. It may take up to several minutes after SSSD startup " @@ -977,14 +1058,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:667 +#: sssd.conf.5.xml:747 msgid "" "While the first enumeration is running, requests for the complete user or " "group lists may return no results until it completes." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:672 +#: sssd.conf.5.xml:752 msgid "" "Further, enabling enumeration may increase the time necessary to detect " "network disconnection, as longer timeouts are required to ensure that " @@ -993,44 +1074,98 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:683 +#: sssd.conf.5.xml:763 msgid "entry_cache_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:686 +#: sssd.conf.5.xml:766 msgid "" "How many seconds should nss_sss consider entries valid before asking the " "backend again" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:690 +#: sssd.conf.5.xml:770 msgid "Default: 5400" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:695 +#: sssd.conf.5.xml:776 +msgid "entry_cache_user_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:779 +msgid "" +"How many seconds should nss_sss consider user entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:783 sssd.conf.5.xml:796 sssd.conf.5.xml:809 +#: sssd.conf.5.xml:822 +msgid "Default: entry_cache_timeout" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:789 +msgid "entry_cache_group_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:792 +msgid "" +"How many seconds should nss_sss consider group entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:802 +msgid "entry_cache_netgroup_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:805 +msgid "" +"How many seconds should nss_sss consider netgroup entries valid before " +"asking the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:815 +msgid "entry_cache_service_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:818 +msgid "" +"How many seconds should nss_sss consider service entries valid before asking " +"the backend again" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:828 msgid "cache_credentials (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:698 +#: sssd.conf.5.xml:831 msgid "Determines if user credentials are also cached in the local LDB cache" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:702 +#: sssd.conf.5.xml:835 msgid "User credentials are stored in a SHA512 hash, not in plaintext" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:711 +#: sssd.conf.5.xml:844 msgid "account_cache_expiration (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:714 +#: sssd.conf.5.xml:847 msgid "" "Number of days entries are left in cache after last successful login before " "being removed during a cleanup of the cache. 0 means keep forever. The " @@ -1039,47 +1174,47 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:721 +#: sssd.conf.5.xml:854 msgid "Default: 0 (unlimited)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:727 +#: sssd.conf.5.xml:860 msgid "id_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:730 +#: sssd.conf.5.xml:863 msgid "The Data Provider identity backend to use for this domain." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:734 +#: sssd.conf.5.xml:867 msgid "Supported backends:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:737 +#: sssd.conf.5.xml:870 msgid "proxy: Support a legacy NSS provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:740 +#: sssd.conf.5.xml:873 msgid "local: SSSD internal local provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:743 +#: sssd.conf.5.xml:876 msgid "ldap: LDAP provider" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:749 +#: sssd.conf.5.xml:882 msgid "use_fully_qualified_names (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:752 +#: sssd.conf.5.xml:885 msgid "" "If set to TRUE, all requests to this domain must use fully qualified names. " "For example, if used in LOCAL domain that contains a \"test\" user, " @@ -1088,19 +1223,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:765 +#: sssd.conf.5.xml:898 msgid "auth_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:768 +#: sssd.conf.5.xml:901 msgid "" "The authentication provider used for the domain. Supported auth providers " "are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:772 +#: sssd.conf.5.xml:905 msgid "" "<quote>ldap</quote> for native LDAP authentication. See <citerefentry> " "<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1108,7 +1243,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:779 +#: sssd.conf.5.xml:912 msgid "" "<quote>krb5</quote> for Kerberos authentication. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1116,30 +1251,30 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:786 +#: sssd.conf.5.xml:919 msgid "" "<quote>proxy</quote> for relaying authentication to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:789 +#: sssd.conf.5.xml:922 msgid "<quote>none</quote> disables authentication explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:792 +#: sssd.conf.5.xml:925 msgid "" "Default: <quote>id_provider</quote> is used if it is set and can handle " "authentication requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:798 +#: sssd.conf.5.xml:931 msgid "access_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:801 +#: sssd.conf.5.xml:934 msgid "" "The access control provider used for the domain. There are two built-in " "access providers (in addition to any included in installed backends) " @@ -1147,17 +1282,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:807 +#: sssd.conf.5.xml:940 msgid "<quote>permit</quote> always allow access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:810 +#: sssd.conf.5.xml:943 msgid "<quote>deny</quote> always deny access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:813 +#: sssd.conf.5.xml:946 msgid "" "<quote>simple</quote> access control based on access or deny lists. See " "<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</" @@ -1166,24 +1301,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:820 +#: sssd.conf.5.xml:953 msgid "Default: <quote>permit</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:825 +#: sssd.conf.5.xml:958 msgid "chpass_provider (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:828 +#: sssd.conf.5.xml:961 msgid "" "The provider which should handle change password operations for the domain. " "Supported change password providers are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:833 +#: sssd.conf.5.xml:966 msgid "" "<quote>ipa</quote> to change a password stored in an IPA server. See " "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" @@ -1191,7 +1326,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:841 +#: sssd.conf.5.xml:974 msgid "" "<quote>ldap</quote> to change a password stored in a LDAP server. See " "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</" @@ -1199,7 +1334,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:849 +#: sssd.conf.5.xml:982 msgid "" "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> " "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </" @@ -1207,72 +1342,132 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:857 +#: sssd.conf.5.xml:990 msgid "" "<quote>proxy</quote> for relaying password changes to some other PAM target." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:861 +#: sssd.conf.5.xml:994 msgid "<quote>none</quote> disallows password changes explicitly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:864 +#: sssd.conf.5.xml:997 msgid "" "Default: <quote>auth_provider</quote> is used if it is set and can handle " "change password requests." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:871 +#: sssd.conf.5.xml:1004 +msgid "sudo_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1010 +msgid "The SUDO provider used for the domain. Supported SUDO providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1014 +msgid "" +"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> " +"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </" +"citerefentry> for more information on configuring LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1021 +msgid "<quote>none</quote> disables SUDO explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1024 +msgid "Default: The value of <quote>id_provider</quote> is used if it is set." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1030 +msgid "session_provider (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1033 +msgid "" +"The provider which should handle loading of session settings. Supported " +"session providers are:" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1038 +msgid "" +"<quote>ipa</quote> to load session settings from an IPA server. See " +"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</" +"manvolnum> </citerefentry> for more information on configuring IPA." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1046 +msgid "<quote>none</quote> disallows fetching session settings explicitly." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd.conf.5.xml:1049 +msgid "" +"Default: <quote>id_provider</quote> is used if it is set and can handle " +"session loading requests." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd.conf.5.xml:1056 msgid "lookup_family_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:874 +#: sssd.conf.5.xml:1059 msgid "" "Provides the ability to select preferred address family to use when " "performing DNS lookups." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:878 +#: sssd.conf.5.xml:1063 msgid "Supported values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:881 +#: sssd.conf.5.xml:1066 msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:884 +#: sssd.conf.5.xml:1069 msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:887 +#: sssd.conf.5.xml:1072 msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:890 +#: sssd.conf.5.xml:1075 msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:893 +#: sssd.conf.5.xml:1078 msgid "Default: ipv4_first" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:899 +#: sssd.conf.5.xml:1084 msgid "dns_resolver_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:902 +#: sssd.conf.5.xml:1087 msgid "" "Defines the amount of time (in seconds) to wait for a reply from the DNS " "resolver before assuming that it is unreachable. If this timeout is reached, " @@ -1280,51 +1475,51 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:914 +#: sssd.conf.5.xml:1099 msgid "dns_discovery_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:917 +#: sssd.conf.5.xml:1102 msgid "" "If service discovery is used in the back end, specifies the domain part of " "the service discovery DNS query." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:921 +#: sssd.conf.5.xml:1106 msgid "Default: Use the domain part of machine's hostname" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:927 +#: sssd.conf.5.xml:1112 msgid "override_gid (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:930 +#: sssd.conf.5.xml:1115 msgid "Override the primary GID value with the one specified." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:936 +#: sssd.conf.5.xml:1121 msgid "case_sensitive (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:939 +#: sssd.conf.5.xml:1124 msgid "" "Treat user and group names as case sensitive. At the moment, this option is " "not supported in the local provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:944 +#: sssd.conf.5.xml:1129 msgid "Default: True" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:601 +#: sssd.conf.5.xml:681 msgid "" "These configuration options can be present in a domain configuration " "section, that is, in a section called <quote>[domain/<replaceable>NAME</" @@ -1332,29 +1527,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:956 +#: sssd.conf.5.xml:1141 msgid "proxy_pam_target (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:959 +#: sssd.conf.5.xml:1144 msgid "The proxy target PAM proxies to." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:962 +#: sssd.conf.5.xml:1147 msgid "" "Default: not set by default, you have to take an existing pam configuration " "or create a new one and add the service name here." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd.conf.5.xml:970 +#: sssd.conf.5.xml:1155 msgid "proxy_lib_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:973 +#: sssd.conf.5.xml:1158 msgid "" "The name of the NSS library to use in proxy domains. The NSS functions " "searched for in the library are in the form of _nss_$(libName)_$(function), " @@ -1362,19 +1557,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:952 +#: sssd.conf.5.xml:1137 msgid "" "Options valid for proxy domains. <placeholder type=\"variablelist\" id=" "\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><title> -#: sssd.conf.5.xml:985 +#: sssd.conf.5.xml:1170 msgid "The local domain section" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><para> -#: sssd.conf.5.xml:987 +#: sssd.conf.5.xml:1172 msgid "" "This section contains settings for domain that stores users and groups in " "SSSD native database, that is, a domain that uses " @@ -1382,73 +1577,73 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:994 +#: sssd.conf.5.xml:1179 msgid "default_shell (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:997 +#: sssd.conf.5.xml:1182 msgid "The default shell for users created with SSSD userspace tools." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1001 +#: sssd.conf.5.xml:1186 msgid "Default: <filename>/bin/bash</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1006 +#: sssd.conf.5.xml:1191 msgid "base_directory (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1009 +#: sssd.conf.5.xml:1194 msgid "" "The tools append the login name to <replaceable>base_directory</replaceable> " "and use that as the home directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1014 +#: sssd.conf.5.xml:1199 msgid "Default: <filename>/home</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1019 +#: sssd.conf.5.xml:1204 msgid "create_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1022 +#: sssd.conf.5.xml:1207 msgid "" "Indicate if a home directory should be created by default for new users. " "Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038 +#: sssd.conf.5.xml:1211 sssd.conf.5.xml:1223 msgid "Default: TRUE" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1031 +#: sssd.conf.5.xml:1216 msgid "remove_homedir (bool)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1034 +#: sssd.conf.5.xml:1219 msgid "" "Indicate if a home directory should be removed by default for deleted " "users. Can be overridden on command line." msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1043 +#: sssd.conf.5.xml:1228 msgid "homedir_umask (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1046 +#: sssd.conf.5.xml:1231 msgid "" "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> " "<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions " @@ -1456,17 +1651,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1054 +#: sssd.conf.5.xml:1239 msgid "Default: 077" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1059 +#: sssd.conf.5.xml:1244 msgid "skel_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1062 +#: sssd.conf.5.xml:1247 msgid "" "The skeleton directory, which contains files and directories to be copied in " "the user's home directory, when the home directory is created by " @@ -1475,17 +1670,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1072 +#: sssd.conf.5.xml:1257 msgid "Default: <filename>/etc/skel</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1077 +#: sssd.conf.5.xml:1262 msgid "mail_dir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1080 +#: sssd.conf.5.xml:1265 msgid "" "The mail spool directory. This is needed to manipulate the mailbox when its " "corresponding user account is modified or deleted. If not specified, a " @@ -1493,17 +1688,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1087 +#: sssd.conf.5.xml:1272 msgid "Default: <filename>/var/mail</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term> -#: sssd.conf.5.xml:1092 +#: sssd.conf.5.xml:1277 msgid "userdel_cmd (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1095 +#: sssd.conf.5.xml:1280 msgid "" "The command that is run after a user is removed. The command us passed the " "username of the user being removed as the first and only parameter. The " @@ -1511,18 +1706,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para> -#: sssd.conf.5.xml:1101 +#: sssd.conf.5.xml:1286 msgid "Default: None, no command is run" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 -#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432 +#: sssd.conf.5.xml:1296 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 +#: sssd-ipa.5.xml:532 sssd-krb5.5.xml:432 msgid "EXAMPLE" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd.conf.5.xml:1117 +#: sssd.conf.5.xml:1302 #, no-wrap msgid "" "[sssd]\n" @@ -1552,7 +1747,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1113 +#: sssd.conf.5.xml:1298 msgid "" "The following example shows a typical SSSD config. It does not describe " "configuration of the domains themselves - refer to documentation on " @@ -1561,7 +1756,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd.conf.5.xml:1148 +#: sssd.conf.5.xml:1333 msgid "" "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -1882,7 +2077,7 @@ msgid "The LDAP attribute that corresponds to the user's primary group id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:730 +#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740 msgid "Default: gidNumber" msgstr "" @@ -1942,7 +2137,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868 +#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878 msgid "Default: nsUniqueId" msgstr "" @@ -1952,14 +2147,14 @@ msgid "ldap_user_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877 +#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887 msgid "" "The LDAP attribute that contains timestamp of the last modification of the " "parent object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884 +#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894 msgid "Default: modifyTimestamp" msgstr "" @@ -2228,11 +2423,21 @@ msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> #: sssd-ldap.5.xml:582 -msgid "ldap_force_upper_case_realm (boolean)" +msgid "ldap_user_ssh_public_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> #: sssd-ldap.5.xml:585 +msgid "The LDAP attribute that contains the user's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:592 +msgid "ldap_force_upper_case_realm (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:595 msgid "" "Some directory servers, for example Active Directory, might deliver the " "realm part of the UPN in lower case, which might cause the authentication to " @@ -2241,29 +2446,29 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:598 +#: sssd-ldap.5.xml:608 msgid "ldap_enumeration_refresh_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:601 +#: sssd-ldap.5.xml:611 msgid "" "The LDAP attribute that contains how many seconds SSSD has to wait before " "refreshing its cache of enumerated records." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:606 +#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808 msgid "Default: 300" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:612 +#: sssd-ldap.5.xml:622 msgid "ldap_purge_cache_timeout" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:615 +#: sssd-ldap.5.xml:625 msgid "" "Determine how often to check the cache for inactive entries (such as groups " "with no members and users who have never logged in) and remove them to save " @@ -2271,52 +2476,54 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:621 +#: sssd-ldap.5.xml:631 msgid "Setting this option to zero will disable the cache cleanup operation." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:625 +#: sssd-ldap.5.xml:635 msgid "Default: 10800 (12 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:631 +#: sssd-ldap.5.xml:641 msgid "ldap_user_fullname (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:634 +#: sssd-ldap.5.xml:644 msgid "The LDAP attribute that corresponds to the user's full name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818 +#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 +#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 +#: sssd-ipa.5.xml:410 msgid "Default: cn" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:644 +#: sssd-ldap.5.xml:654 msgid "ldap_user_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:647 +#: sssd-ldap.5.xml:657 msgid "The LDAP attribute that lists the user's group memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261 +#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:314 msgid "Default: memberOf" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:657 +#: sssd-ldap.5.xml:667 msgid "ldap_user_authorized_service (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:660 +#: sssd-ldap.5.xml:670 msgid "" "If access_provider=ldap and ldap_access_order=authorized_service, SSSD will " "use the presence of the authorizedService attribute in the user's LDAP entry " @@ -2324,24 +2531,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:667 +#: sssd-ldap.5.xml:677 msgid "" "An explicit deny (!svc) is resolved first. Second, SSSD searches for " "explicit allow (svc) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:672 +#: sssd-ldap.5.xml:682 msgid "Default: authorizedService" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:678 +#: sssd-ldap.5.xml:688 msgid "ldap_user_authorized_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:681 +#: sssd-ldap.5.xml:691 msgid "" "If access_provider=ldap and ldap_access_order=host, SSSD will use the " "presence of the host attribute in the user's LDAP entry to determine access " @@ -2349,89 +2556,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:687 +#: sssd-ldap.5.xml:697 msgid "" "An explicit deny (!host) is resolved first. Second, SSSD searches for " "explicit allow (host) and finally for allow_all (*)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:692 +#: sssd-ldap.5.xml:702 msgid "Default: host" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:698 +#: sssd-ldap.5.xml:708 msgid "ldap_group_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:701 +#: sssd-ldap.5.xml:711 msgid "The object class of a group entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:704 +#: sssd-ldap.5.xml:714 msgid "Default: posixGroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:710 +#: sssd-ldap.5.xml:720 msgid "ldap_group_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:713 +#: sssd-ldap.5.xml:723 msgid "The LDAP attribute that corresponds to the group name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:723 +#: sssd-ldap.5.xml:733 msgid "ldap_group_gid_number (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:726 +#: sssd-ldap.5.xml:736 msgid "The LDAP attribute that corresponds to the group's id." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:736 +#: sssd-ldap.5.xml:746 msgid "ldap_group_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:739 +#: sssd-ldap.5.xml:749 msgid "The LDAP attribute that contains the names of the group's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:743 +#: sssd-ldap.5.xml:753 msgid "Default: memberuid (rfc2307) / member (rfc2307bis)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:749 +#: sssd-ldap.5.xml:759 msgid "ldap_group_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:752 +#: sssd-ldap.5.xml:762 msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:762 +#: sssd-ldap.5.xml:772 msgid "ldap_group_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:775 +#: sssd-ldap.5.xml:785 msgid "ldap_group_nesting_level (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:778 +#: sssd-ldap.5.xml:788 msgid "" "If ldap_schema is set to a schema format that supports nested groups (e.g. " "RFC2307bis), then this option controls how many levels of nesting SSSD will " @@ -2439,114 +2646,198 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:785 +#: sssd-ldap.5.xml:795 msgid "Default: 2" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:791 +#: sssd-ldap.5.xml:801 msgid "ldap_netgroup_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:794 +#: sssd-ldap.5.xml:804 msgid "The object class of a netgroup entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:797 +#: sssd-ldap.5.xml:807 msgid "In IPA provider, ipa_netgroup_object_class should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:801 +#: sssd-ldap.5.xml:811 msgid "Default: nisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:807 +#: sssd-ldap.5.xml:817 msgid "ldap_netgroup_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:810 +#: sssd-ldap.5.xml:820 msgid "The LDAP attribute that corresponds to the netgroup name." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:814 +#: sssd-ldap.5.xml:824 msgid "In IPA provider, ipa_netgroup_name should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:824 +#: sssd-ldap.5.xml:834 msgid "ldap_netgroup_member (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:827 +#: sssd-ldap.5.xml:837 msgid "The LDAP attribute that contains the names of the netgroup's members." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:831 +#: sssd-ldap.5.xml:841 msgid "In IPA provider, ipa_netgroup_member should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:835 +#: sssd-ldap.5.xml:845 msgid "Default: memberNisNetgroup" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:841 +#: sssd-ldap.5.xml:851 msgid "ldap_netgroup_triple (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:844 +#: sssd-ldap.5.xml:854 msgid "" "The LDAP attribute that contains the (host, user, domain) netgroup triples." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881 +#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891 msgid "This option is not available in IPA provider." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:851 +#: sssd-ldap.5.xml:861 msgid "Default: nisNetgroupTriple" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:857 +#: sssd-ldap.5.xml:867 msgid "ldap_netgroup_uuid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:860 +#: sssd-ldap.5.xml:870 msgid "" "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:864 +#: sssd-ldap.5.xml:874 msgid "In IPA provider, ipa_netgroup_uuid should be used instead." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:874 +#: sssd-ldap.5.xml:884 msgid "ldap_netgroup_modify_timestamp (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:890 +#: sssd-ldap.5.xml:900 +msgid "ldap_service_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:903 +msgid "The object class of a service entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:906 +msgid "Default: ipService" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:912 +msgid "ldap_service_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:915 +msgid "" +"The LDAP attribute that contains the name of service attributes and their " +"aliases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:925 +msgid "ldap_service_port (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:928 +msgid "The LDAP attribute that contains the port managed by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:932 +msgid "Default: ipServicePort" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:938 +msgid "ldap_service_proto (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:941 +msgid "" +"The LDAP attribute that contains the protocols understood by this service." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:945 +msgid "Default: ipServiceProtocol" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:951 +msgid "ldap_service_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:954 +msgid "An optional base DN to restrict service searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 +#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 +#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 +msgid "" +"See <quote>ldap_search_base</quote> for information about configuring " +"multiple search bases." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 +#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 +#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192 +msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:970 msgid "ldap_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:893 +#: sssd-ldap.5.xml:973 msgid "" "Specifies the timeout (in seconds) that ldap searches are allowed to run " "before they are cancelled and cached results are returned (and offline mode " @@ -2554,7 +2845,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:899 +#: sssd-ldap.5.xml:979 msgid "" "Note: this option is subject to change in future versions of the SSSD. It " "will likely be replaced at some point by a series of timeouts for specific " @@ -2562,17 +2853,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962 +#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042 msgid "Default: 6" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:911 +#: sssd-ldap.5.xml:991 msgid "ldap_enumeration_search_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:914 +#: sssd-ldap.5.xml:994 msgid "" "Specifies the timeout (in seconds) that ldap searches for user and group " "enumerations are allowed to run before they are cancelled and cached results " @@ -2580,17 +2871,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:921 +#: sssd-ldap.5.xml:1001 msgid "Default: 60" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:927 +#: sssd-ldap.5.xml:1007 msgid "ldap_network_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:930 +#: sssd-ldap.5.xml:1010 msgid "" "Specifies the timeout (in seconds) after which the <citerefentry> " "<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/" @@ -2601,12 +2892,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:953 +#: sssd-ldap.5.xml:1033 msgid "ldap_opt_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:956 +#: sssd-ldap.5.xml:1036 msgid "" "Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs " "will abort if no response is received. Also controls the timeout when " @@ -2614,12 +2905,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:968 +#: sssd-ldap.5.xml:1048 msgid "ldap_connection_expire_timeout (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:971 +#: sssd-ldap.5.xml:1051 msgid "" "Specifies a timeout (in seconds) that a connection to an LDAP server will be " "maintained. After this time, the connection will be re-established. If used " @@ -2628,48 +2919,76 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:979 +#: sssd-ldap.5.xml:1059 msgid "Default: 900 (15 minutes)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:985 +#: sssd-ldap.5.xml:1065 msgid "ldap_page_size (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:988 +#: sssd-ldap.5.xml:1068 msgid "" "Specify the number of records to retrieve from LDAP in a single request. " "Some LDAP servers enforce a maximum limit per-request." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:993 +#: sssd-ldap.5.xml:1073 msgid "Default: 1000" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:999 -msgid "ldap_deref_threshold (integer)" +#: sssd-ldap.5.xml:1079 +msgid "ldap_disable_paging" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1002 +#: sssd-ldap.5.xml:1082 msgid "" -"Specify the number of group members that must be missing from the internal " -"cache in order to trigger a dereference lookup. If less members are missing, " -"they are looked up individually." +"Disable the LDAP paging control. This option should be used if the LDAP " +"server reports that it supports the LDAP paging control in its RootDSE but " +"it is not enabled or does not behave properly." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1008 +#: sssd-ldap.5.xml:1088 msgid "" -"You can turn off dereference lookups completely by setting the value to 0." +"Example: OpenLDAP servers with the paging control module installed on the " +"server but not enabled will report it in the RootDSE but be unable to use it." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1012 +#: sssd-ldap.5.xml:1094 +msgid "" +"Example: 389 DS has a bug where it can only support a one paging control at " +"a time on a single connection. On busy clients, this can result in some " +"requests being denied." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1103 +msgid "ldap_deref_threshold (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1106 +msgid "" +"Specify the number of group members that must be missing from the internal " +"cache in order to trigger a dereference lookup. If less members are missing, " +"they are looked up individually." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1112 +msgid "" +"You can turn off dereference lookups completely by setting the value to 0." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1116 msgid "" "A dereference lookup is a means of fetching all group members in a single " "LDAP call. Different LDAP servers may implement different dereference " @@ -2678,7 +2997,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1020 +#: sssd-ldap.5.xml:1124 msgid "" "<emphasis>Note:</emphasis> If any of the search bases specifies a search " "filter, then the dereference lookup performance enhancement will be disabled " @@ -2686,26 +3005,26 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1033 +#: sssd-ldap.5.xml:1137 msgid "ldap_tls_reqcert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1036 +#: sssd-ldap.5.xml:1140 msgid "" "Specifies what checks to perform on server certificates in a TLS session, if " "any. It can be specified as one of the following values:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1042 +#: sssd-ldap.5.xml:1146 msgid "" "<emphasis>never</emphasis> = The client will not request or check any server " "certificate." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1046 +#: sssd-ldap.5.xml:1150 msgid "" "<emphasis>allow</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2713,7 +3032,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1053 +#: sssd-ldap.5.xml:1157 msgid "" "<emphasis>try</emphasis> = The server certificate is requested. If no " "certificate is provided, the session proceeds normally. If a bad certificate " @@ -2721,7 +3040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1059 +#: sssd-ldap.5.xml:1163 msgid "" "<emphasis>demand</emphasis> = The server certificate is requested. If no " "certificate is provided, or a bad certificate is provided, the session is " @@ -2729,41 +3048,41 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1065 +#: sssd-ldap.5.xml:1169 msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1069 +#: sssd-ldap.5.xml:1173 msgid "Default: hard" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1075 +#: sssd-ldap.5.xml:1179 msgid "ldap_tls_cacert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1078 +#: sssd-ldap.5.xml:1182 msgid "" "Specifies the file that contains certificates for all of the Certificate " "Authorities that <command>sssd</command> will recognize." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142 +#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246 msgid "" "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap." "conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1090 +#: sssd-ldap.5.xml:1194 msgid "ldap_tls_cacertdir (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1093 +#: sssd-ldap.5.xml:1197 msgid "" "Specifies the path of a directory that contains Certificate Authority " "certificates in separate individual files. Typically the file names need to " @@ -2772,38 +3091,38 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1108 +#: sssd-ldap.5.xml:1212 msgid "ldap_tls_cert (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1111 +#: sssd-ldap.5.xml:1215 msgid "Specifies the file that contains the certificate for the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 -#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359 +#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 +#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359 msgid "Default: not set" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1121 +#: sssd-ldap.5.xml:1225 msgid "ldap_tls_key (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1124 +#: sssd-ldap.5.xml:1228 msgid "Specifies the file that contains the client's key." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1133 +#: sssd-ldap.5.xml:1237 msgid "ldap_tls_cipher_suite (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1136 +#: sssd-ldap.5.xml:1240 msgid "" "Specifies acceptable cipher suites. Typically this is a colon sperated " "list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> " @@ -2811,90 +3130,90 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1149 +#: sssd-ldap.5.xml:1253 msgid "ldap_id_use_start_tls (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1152 +#: sssd-ldap.5.xml:1256 msgid "" "Specifies that the id_provider connection must also use <systemitem class=" "\"protocol\">tls</systemitem> to protect the channel." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1162 +#: sssd-ldap.5.xml:1266 msgid "ldap_sasl_mech (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1165 +#: sssd-ldap.5.xml:1269 msgid "" "Specify the SASL mechanism to use. Currently only GSSAPI is tested and " "supported." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326 +#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428 msgid "Default: none" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1175 +#: sssd-ldap.5.xml:1279 msgid "ldap_sasl_authid (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1178 +#: sssd-ldap.5.xml:1282 msgid "" "Specify the SASL authorization id to use. When GSSAPI is used, this " "represents the Kerberos principal used for authentication to the directory." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1183 +#: sssd-ldap.5.xml:1287 msgid "Default: host/machine.fqdn@REALM" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1189 +#: sssd-ldap.5.xml:1293 msgid "ldap_sasl_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1192 +#: sssd-ldap.5.xml:1296 msgid "" "If set to true, the LDAP library would perform a reverse lookup to " "canonicalize the host name during a SASL bind." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1197 +#: sssd-ldap.5.xml:1301 msgid "Default: false;" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1203 +#: sssd-ldap.5.xml:1307 msgid "ldap_krb5_keytab (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1206 +#: sssd-ldap.5.xml:1310 msgid "Specify the keytab to use when using SASL/GSSAPI." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1209 +#: sssd-ldap.5.xml:1313 msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1215 +#: sssd-ldap.5.xml:1319 msgid "ldap_krb5_init_creds (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1218 +#: sssd-ldap.5.xml:1322 msgid "" "Specifies that the id_provider should init Kerberos credentials (TGT). This " "action is performed only if SASL is used and the mechanism selected is " @@ -2902,27 +3221,27 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1230 +#: sssd-ldap.5.xml:1334 msgid "ldap_krb5_ticket_lifetime (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1233 +#: sssd-ldap.5.xml:1337 msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1237 +#: sssd-ldap.5.xml:1341 msgid "Default: 86400 (24 hours)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74 +#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74 msgid "krb5_server (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77 +#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77 msgid "" "Specifies the comma-separated list of IP addresses or hostnames of the " "Kerberos servers to which SSSD should connect in the order of preference. " @@ -2934,7 +3253,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89 +#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89 msgid "" "When using service discovery for KDC or kpasswd servers, SSSD first searches " "for DNS entries that specify _udp as the protocol and falls back to _tcp if " @@ -2942,7 +3261,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94 +#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94 msgid "" "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. " "While the legacy name is recognized for the time being, users are advised to " @@ -2950,62 +3269,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103 +#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103 msgid "krb5_realm (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1275 +#: sssd-ldap.5.xml:1379 msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1278 +#: sssd-ldap.5.xml:1382 msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409 +#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409 msgid "krb5_canonicalize (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1287 +#: sssd-ldap.5.xml:1391 msgid "" "Specifies if the host principal should be canonicalized when connecting to " "LDAP server. This feature is available with MIT Kerberos >= 1.7" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1299 +#: sssd-ldap.5.xml:1403 msgid "ldap_pwd_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1302 +#: sssd-ldap.5.xml:1406 msgid "" "Select the policy to evaluate the password expiration on the client side. " "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1307 +#: sssd-ldap.5.xml:1411 msgid "" "<emphasis>none</emphasis> - No evaluation on the client side. This option " "cannot disable server-side password policies." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1312 +#: sssd-ldap.5.xml:1416 msgid "" "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</" "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to " -"evaluate if the password has expired. Note that the current version of sssd " -"cannot update this attribute during a password change." +"evaluate if the password has expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1320 +#: sssd-ldap.5.xml:1422 msgid "" "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos " "to determine if the password has expired. Use chpass_provider=krb5 to update " @@ -3013,61 +3331,61 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1332 +#: sssd-ldap.5.xml:1434 msgid "ldap_referrals (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1335 +#: sssd-ldap.5.xml:1437 msgid "Specifies whether automatic referral chasing should be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1339 +#: sssd-ldap.5.xml:1441 msgid "" "Please note that sssd only supports referral chasing when it is compiled " "with OpenLDAP version 2.4.13 or higher." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1350 +#: sssd-ldap.5.xml:1452 msgid "ldap_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1353 +#: sssd-ldap.5.xml:1455 msgid "Specifies the service name to use when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1357 +#: sssd-ldap.5.xml:1459 msgid "Default: ldap" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1363 +#: sssd-ldap.5.xml:1465 msgid "ldap_chpass_dns_service_name (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1366 +#: sssd-ldap.5.xml:1468 msgid "" "Specifies the service name to use to find an LDAP server which allows " "password changes when service discovery is enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1371 +#: sssd-ldap.5.xml:1473 msgid "Default: not set, i.e. service discovery is disabled" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1377 +#: sssd-ldap.5.xml:1479 msgid "ldap_access_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1380 +#: sssd-ldap.5.xml:1482 msgid "" "If using access_provider = ldap, this option is mandatory. It specifies an " "LDAP search filter criteria that must be met for the user to be granted " @@ -3077,12 +3395,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616 +#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982 msgid "Example:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1393 +#: sssd-ldap.5.xml:1495 #, no-wrap msgid "" "access_provider = ldap\n" @@ -3091,14 +3409,14 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1397 +#: sssd-ldap.5.xml:1499 msgid "" "This example means that access to this host is restricted to members of the " "\"allowedusers\" group in ldap." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1402 +#: sssd-ldap.5.xml:1504 msgid "" "Offline caching for this feature is limited to determining whether the " "user's last online login was granted access permission. If they were granted " @@ -3107,24 +3425,24 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460 +#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562 msgid "Default: Empty" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1416 +#: sssd-ldap.5.xml:1518 msgid "ldap_account_expire_policy (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1419 +#: sssd-ldap.5.xml:1521 msgid "" "With this option a client side evaluation of access control attributes can " "be enabled." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1423 +#: sssd-ldap.5.xml:1525 msgid "" "Please note that it is always recommended to use server side access control, " "i.e. the LDAP server should deny the bind request with a suitable error code " @@ -3132,19 +3450,19 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1430 +#: sssd-ldap.5.xml:1532 msgid "The following values are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1433 +#: sssd-ldap.5.xml:1535 msgid "" "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to " "determine if the account is expired." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1438 +#: sssd-ldap.5.xml:1540 msgid "" "<emphasis>ad</emphasis>: use the value of the 32bit field " "ldap_user_ad_user_account_control and allow access if the second bit is not " @@ -3153,7 +3471,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1445 +#: sssd-ldap.5.xml:1547 msgid "" "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</" "emphasis>: use the value of ldap_ns_account_lock to check if access is " @@ -3161,7 +3479,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1451 +#: sssd-ldap.5.xml:1553 msgid "" "<emphasis>nds</emphasis>: the values of " "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and " @@ -3170,89 +3488,89 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1466 +#: sssd-ldap.5.xml:1568 msgid "ldap_access_order (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1469 +#: sssd-ldap.5.xml:1571 msgid "Comma separated list of access control options. Allowed values are:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1473 +#: sssd-ldap.5.xml:1575 msgid "<emphasis>filter</emphasis>: use ldap_access_filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1476 +#: sssd-ldap.5.xml:1578 msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1480 +#: sssd-ldap.5.xml:1582 msgid "" "<emphasis>authorized_service</emphasis>: use the authorizedService attribute " "to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1485 +#: sssd-ldap.5.xml:1587 msgid "<emphasis>host</emphasis>: use the host attribute to determine access" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1489 +#: sssd-ldap.5.xml:1591 msgid "Default: filter" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1492 +#: sssd-ldap.5.xml:1594 msgid "" "Please note that it is a configuration error if a value is used more than " "once." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1499 +#: sssd-ldap.5.xml:1601 msgid "ldap_deref (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1502 +#: sssd-ldap.5.xml:1604 msgid "" "Specifies how alias dereferencing is done when performing a search. The " "following options are allowed:" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1507 +#: sssd-ldap.5.xml:1609 msgid "<emphasis>never</emphasis>: Aliases are never dereferenced." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1511 +#: sssd-ldap.5.xml:1613 msgid "" "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of " "the base object, but not in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1516 +#: sssd-ldap.5.xml:1618 msgid "" "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating " "the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1521 +#: sssd-ldap.5.xml:1623 msgid "" "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and " "in locating the base object of the search." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1526 +#: sssd-ldap.5.xml:1628 msgid "" "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP " "client libraries)" @@ -3269,74 +3587,354 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1538 -msgid "ADVANCED OPTIONS" +#: sssd-ldap.5.xml:1639 +msgid "SUDO OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1545 -msgid "ldap_netgroup_search_base (string)" +#: sssd-ldap.5.xml:1644 +msgid "ldap_sudorule_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1647 +msgid "The object class of a sudo rule entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1650 +msgid "Default: sudoRole" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1656 +msgid "ldap_sudorule_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1659 +msgid "The LDAP attribute that corresponds to the sudo rule name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1669 +msgid "ldap_sudorule_command (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1672 +msgid "The LDAP attribute that corresponds to the command name." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1676 +msgid "Default: sudoCommand" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1682 +msgid "ldap_sudorule_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1548 +#: sssd-ldap.5.xml:1685 msgid "" -"An optional base DN to restrict netgroup searches to a specific subtree." +"The LDAP attribute that corresponds to the host name (or host IP address, " +"host IP network, or host netgroup)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1690 +msgid "Default: sudoHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1696 +msgid "ldap_sudorule_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590 +#: sssd-ldap.5.xml:1699 msgid "" -"See <quote>ldap_search_base</quote> for information about configuring " -"multiple search bases." +"The LDAP attribute that corresponds to the user name (or UID, group name or " +"user's netgroup)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595 -msgid "Default: the value of <emphasis>ldap_search_base</emphasis>" +#: sssd-ldap.5.xml:1703 +msgid "Default: sudoUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1709 +msgid "ldap_sudorule_option (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1712 +msgid "The LDAP attribute that corresponds to the sudo options." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1716 +msgid "Default: sudoOption" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1722 +msgid "ldap_sudorule_runasuser (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1725 +msgid "" +"The LDAP attribute that corresponds to the user name that commands may be " +"run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1729 +msgid "Default: sudoRunAsUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1735 +msgid "ldap_sudorule_runasgroup (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1738 +msgid "" +"The LDAP attribute that corresponds to the group name or group GID that " +"commands may be run as." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1742 +msgid "Default: sudoRunAsGroup" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1748 +msgid "ldap_sudorule_notbefore (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1751 +msgid "" +"The LDAP attribute that corresponds to the start date/time for when the sudo " +"rule is valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1755 +msgid "Default: sudoNotBefore" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1761 +msgid "ldap_sudorule_notafter (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1764 +msgid "" +"The LDAP attribute that corresponds to the expiration date/time, after which " +"the sudo rule will no longer be valid." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1769 +msgid "Default: sudoNotAfter" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1775 +msgid "ldap_sudorule_order (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1778 +msgid "The LDAP attribute that corresponds to the ordering index of the rule." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1782 +msgid "Default: sudoOrder" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1788 +msgid "ldap_sudo_refresh_enabled (boolean)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1791 +msgid "" +"Enables periodical download of all sudo rules. The cache is purged before " +"each update." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1801 +msgid "ldap_sudo_refresh_timeout (integer)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1804 +msgid "" +"How many seconds SSSD has to wait before refreshing its cache of sudo rules." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1642 +msgid "<placeholder type=\"variablelist\" id=\"0\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1815 +msgid "" +"This manual page only describes attribute name mapping. For detailed " +"explanation of sudo related attribute sematics, see <citerefentry> " +"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </" +"citerefentry>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1825 +msgid "AUTOFS OPTIONS" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1827 +msgid "" +"Please note that the default values correspond to the default schema which " +"is RFC2307." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1834 +msgid "ldap_autofs_map_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863 +msgid "The object class of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867 +msgid "Default: automountMap" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1847 +msgid "ldap_autofs_map_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1850 +msgid "The name of an automount map entry in LDAP." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1853 +msgid "Default: ou" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1860 +msgid "ldap_autofs_entry_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1874 +msgid "ldap_autofs_entry_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891 +msgid "" +"The key of an automount entry in LDAP. The entry usually corresponds to a " +"mount point." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1888 +msgid "ldap_autofs_entry_value (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1895 +msgid "Default: automountInformation" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para> +#: sssd-ldap.5.xml:1832 +msgid "" +"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type=" +"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> " +"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type=" +"\"variablelist\" id=\"4\"/>" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><title> +#: sssd-ldap.5.xml:1904 +msgid "ADVANCED OPTIONS" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1564 +#: sssd-ldap.5.xml:1911 +msgid "ldap_netgroup_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:1914 +msgid "" +"An optional base DN to restrict netgroup searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:1930 msgid "ldap_user_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1567 +#: sssd-ldap.5.xml:1933 msgid "An optional base DN to restrict user searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1583 +#: sssd-ldap.5.xml:1949 msgid "ldap_group_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1586 +#: sssd-ldap.5.xml:1952 msgid "An optional base DN to restrict group searches to a specific subtree." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1602 +#: sssd-ldap.5.xml:1968 msgid "ldap_user_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1605 +#: sssd-ldap.5.xml:1971 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict user searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1609 +#: sssd-ldap.5.xml:1975 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_user_search_base." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting> -#: sssd-ldap.5.xml:1619 +#: sssd-ldap.5.xml:1985 #, no-wrap msgid "" " ldap_user_search_filter = (loginShell=/bin/tcsh)\n" @@ -3344,33 +3942,55 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1622 +#: sssd-ldap.5.xml:1988 msgid "" "This filter would restrict user searches to users that have their shell set " "to /bin/tcsh." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ldap.5.xml:1629 +#: sssd-ldap.5.xml:1995 msgid "ldap_group_search_filter (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1632 +#: sssd-ldap.5.xml:1998 msgid "" "This option specifies an additional LDAP search filter criteria that " "restrict group searches." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ldap.5.xml:1636 +#: sssd-ldap.5.xml:2002 msgid "" "This option is <emphasis>deprecated</emphasis> in favor of the syntax used " "by ldap_group_search_base." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2012 +msgid "ldap_sudo_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2015 +msgid "" +"An optional base DN to restrict sudo rules searches to a specific subtree." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ldap.5.xml:2034 +msgid "ldap_autofs_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ldap.5.xml:2037 +msgid "" +"An optional base DN to restrict automounter searches to a specific subtree." +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1540 +#: sssd-ldap.5.xml:1906 msgid "" "These options are supported by LDAP domains, but they should be used with " "caution. Please include them in your configuration only if you know what you " @@ -3378,7 +3998,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1656 +#: sssd-ldap.5.xml:2066 msgid "" "The following example assumes that SSSD is correctly configured and LDAP is " "set to one of the domains in the <replaceable>[domains]</replaceable> " @@ -3386,7 +4006,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ldap.5.xml:1662 +#: sssd-ldap.5.xml:2072 #, no-wrap msgid "" " [domain/LDAP]\n" @@ -3400,18 +4020,18 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 +#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:540 #: sssd-krb5.5.xml:441 msgid "<placeholder type=\"programlisting\" id=\"0\"/>" msgstr "" #. type: Content of: <reference><refentry><refsect1><title> -#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61 +#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61 msgid "NOTES" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1677 +#: sssd-ldap.5.xml:2087 msgid "" "The descriptions of some of the configuration options in this manual page " "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> " @@ -3420,7 +4040,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ldap.5.xml:1688 +#: sssd-ldap.5.xml:2098 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</" @@ -3874,73 +4494,108 @@ msgid "" "built into FreeIPA v2 with the IP address of this client." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:118 +msgid "" +"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, " +"the default Kerberos realm must be set properly in /etc/krb5.conf" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:124 +#: sssd-ipa.5.xml:129 msgid "ipa_dyndns_iface (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:127 +#: sssd-ipa.5.xml:132 msgid "" "Optional. Applicable only when ipa_dyndns_update is true. Choose the " "interface whose IP address should be used for dynamic DNS updates." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:132 +#: sssd-ipa.5.xml:137 msgid "Default: Use the IP address of the IPA LDAP connection" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:138 +#: sssd-ipa.5.xml:143 msgid "ipa_hbac_search_base (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:141 +#: sssd-ipa.5.xml:146 msgid "Optional. Use the given string as search base for HBAC related objects." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:145 +#: sssd-ipa.5.xml:150 msgid "Default: Use base DN" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229 +#: sssd-ipa.5.xml:156 +msgid "ipa_host_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:159 +msgid "Optional. Use the given string as search base for host objects." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:168 +msgid "" +"If filter is given in any of search bases and " +"<emphasis>ipa_hbac_support_srchost</emphasis> is set to False, the filter " +"will be ignored." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:180 +msgid "ipa_selinux_search_base (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:183 +msgid "Optional. Use the given string as search base for SELinux user maps." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229 msgid "krb5_validate (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232 +#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232 msgid "" "Verify with the help of krb5_keytab that the TGT obtained has not been " "spoofed." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:161 +#: sssd-ipa.5.xml:209 msgid "" "Note that this default differs from the traditional Kerberos provider back " "end." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:171 +#: sssd-ipa.5.xml:219 msgid "" "The name of the Kerberos realm. This is optional and defaults to the value " "of <quote>ipa_domain</quote>." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:175 +#: sssd-ipa.5.xml:223 msgid "" "The name of the Kerberos realm has a special meaning in IPA - it is " "converted into the base DN to use for performing LDAP operations." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:186 +#: sssd-ipa.5.xml:234 msgid "" "Specifies if the host and user principal should be canonicalized when " "connecting to IPA LDAP and also for AS requests. This feature is available " @@ -3948,12 +4603,12 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:199 +#: sssd-ipa.5.xml:247 msgid "ipa_hbac_refresh (integer)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:202 +#: sssd-ipa.5.xml:250 msgid "" "The amount of time between lookups of the HBAC rules against the IPA server. " "This will reduce the latency and load on the IPA server if there are many " @@ -3961,17 +4616,17 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:209 +#: sssd-ipa.5.xml:257 msgid "Default: 5 (seconds)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:214 +#: sssd-ipa.5.xml:262 msgid "ipa_hbac_treat_deny_as (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:217 +#: sssd-ipa.5.xml:265 msgid "" "This option specifies how to treat the deprecated DENY-type HBAC rules. As " "of FreeIPA v2.1, DENY rules are no longer supported on the server. All users " @@ -3980,144 +4635,298 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:226 +#: sssd-ipa.5.xml:274 msgid "" "<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all " "users will be denied access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:231 +#: sssd-ipa.5.xml:279 msgid "" "<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very " "careful with this option, as it may result in opening unintended access." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:236 +#: sssd-ipa.5.xml:284 msgid "Default: DENY_ALL" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:241 +#: sssd-ipa.5.xml:289 msgid "ipa_hbac_support_srchost (boolean)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:244 +#: sssd-ipa.5.xml:292 msgid "" "If this is set to false, then srchost as given to SSSD by PAM will be " "ignored." msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:296 +msgid "" +"Note that if set to <emphasis>False</emphasis>, this option casuses filters " +"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:254 +#: sssd-ipa.5.xml:307 msgid "ipa_netgroup_member_of (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:257 +#: sssd-ipa.5.xml:310 msgid "The LDAP attribute that lists netgroup's memberships." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:266 +#: sssd-ipa.5.xml:319 msgid "ipa_netgroup_member_user (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:269 +#: sssd-ipa.5.xml:322 msgid "" "The LDAP attribute that lists system users and groups that are direct " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:274 +#: sssd-ipa.5.xml:327 sssd-ipa.5.xml:422 msgid "Default: memberUser" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:279 +#: sssd-ipa.5.xml:332 msgid "ipa_netgroup_member_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:282 +#: sssd-ipa.5.xml:335 msgid "" "The LDAP attribute that lists hosts and host groups that are direct members " "of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:286 +#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434 msgid "Default: memberHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:291 +#: sssd-ipa.5.xml:344 msgid "ipa_netgroup_member_ext_host (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:294 +#: sssd-ipa.5.xml:347 msgid "" "The LDAP attribute that lists FQDNs of hosts and host groups that are " "members of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:298 +#: sssd-ipa.5.xml:351 msgid "Default: externalHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:303 +#: sssd-ipa.5.xml:356 msgid "ipa_netgroup_domain (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:306 +#: sssd-ipa.5.xml:359 msgid "The LDAP attribute that contains NIS domain name of the netgroup." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:310 +#: sssd-ipa.5.xml:363 msgid "Default: nisDomainName" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:316 +#: sssd-ipa.5.xml:369 msgid "ipa_host_object_class (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:319 +#: sssd-ipa.5.xml:372 sssd-ipa.5.xml:395 msgid "The object class of a host entry in LDAP." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:322 +#: sssd-ipa.5.xml:375 sssd-ipa.5.xml:398 msgid "Default: ipaHost" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> -#: sssd-ipa.5.xml:327 +#: sssd-ipa.5.xml:380 msgid "ipa_host_fqdn (string)" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:330 +#: sssd-ipa.5.xml:383 msgid "The LDAP attribute that contains FQDN of the host." msgstr "" #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> -#: sssd-ipa.5.xml:333 +#: sssd-ipa.5.xml:386 msgid "Default: fqdn" msgstr "" +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:392 +msgid "ipa_selinux_usermap_object_class (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:403 +msgid "ipa_selinux_usermap_name (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:406 +msgid "The LDAP attribute that contains the name of SELinux usermap." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:415 +msgid "ipa_selinux_usermap_member_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:418 +msgid "" +"The LDAP attribute that contains all users / groups this rule match against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:427 +msgid "ipa_selinux_usermap_member_host (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:430 +msgid "" +"The LDAP attribute that contains all hosts / hostgroups this rule match " +"against." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:439 +msgid "ipa_selinux_usermap_see_also (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:442 +msgid "" +"The LDAP attribute that contains DN of HBAC rule which can be used for " +"matching instead of memberUser and memberHost" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:447 +msgid "Default: seeAlso" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:452 +msgid "ipa_selinux_usermap_selinux_user (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:455 +msgid "The LDAP attribute that contains SELinux user string itself." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:459 +msgid "Default: ipaSELinuxUser" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:464 +msgid "ipa_selinux_usermap_enabled (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:467 +msgid "" +"The LDAP attribute that contains whether or not is user map enabled for " +"usage." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:471 +msgid "Default: ipaEnabledFlag" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:476 +msgid "ipa_selinux_usermap_user_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:479 +msgid "The LDAP attribute that contains user category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:483 +msgid "Default: userCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:488 +msgid "ipa_selinux_usermap_host_category (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:491 +msgid "The LDAP attribute that contains host category such as 'all'." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:495 +msgid "Default: hostCategory" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:500 +msgid "ipa_selinux_usermap_uuid (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:503 +msgid "The LDAP attribute that contains unique ID of the user map." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:507 +msgid "Default: ipaUniqueID" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term> +#: sssd-ipa.5.xml:512 +msgid "ipa_host_ssh_public_key (string)" +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:515 +msgid "The LDAP attribute that contains the host's SSH public keys." +msgstr "" + +#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para> +#: sssd-ipa.5.xml:519 +msgid "Default: ipaSshPubKey" +msgstr "" + #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:348 +#: sssd-ipa.5.xml:534 msgid "" "The following example assumes that SSSD is correctly configured and example." "com is one of the domains in the <replaceable>[sssd]</replaceable> section. " @@ -4125,7 +4934,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para><programlisting> -#: sssd-ipa.5.xml:355 +#: sssd-ipa.5.xml:541 #, no-wrap msgid "" " [domain/example.com]\n" @@ -4135,7 +4944,7 @@ msgid "" msgstr "" #. type: Content of: <reference><refentry><refsect1><para> -#: sssd-ipa.5.xml:366 +#: sssd-ipa.5.xml:552 msgid "" "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</" "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</" -- cgit